CVE Vulnerabilities

CVE-2001-0004

Published: Feb 12, 2001 | Modified: Oct 30, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending %3F+.htr to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the File Fragment Reading via .HTR vulnerability.

Affected Software

Name Vendor Start Version End Version
Internet_information_services Microsoft 5.0 5.0
Internet_information_server Microsoft 4.0 4.0

References