Lucene search

[email protected]CVE-2000-0710

HistoryOct 20, 2000 - 4:00 a.m.

CVE-2000-0710

2000-10-2004:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

microsoft

frontpage

2000

server

security issue

dos device

url

shtml.exe

7.2 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.965 High

EPSS

Percentile

99.6%

JSON

The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.

CPENameOperatorVersion
microsoft:frontpagemicrosoft frontpageeq*

CPE	Name	Operator	Version
microsoft:frontpage	microsoft frontpage	eq	*

References

archives.neohapsis.com/archives/bugtraq/2000-08/0288.html

msdn.microsoft.com/workshop/languages/fp/2000/sr12.asp

www.securityfocus.com/bid/1608

Social References

7.2 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.965 High

EPSS

Percentile

99.6%

JSON