Lucene search

[email protected]CVE-2000-0770

HistoryOct 20, 2000 - 4:00 a.m.

CVE-2000-0770

2000-10-2004:00:00

[email protected]

web.nvd.nist.gov

iis 4.0

iis 5.0

file permission canonicalization vulnerability

nvd

cve-2000-0770

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.7 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.5%

JSON

IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the “File Permission Canonicalization” vulnerability.

Affected configurations

NVD

Node

microsoftinternet_information_serverMatch4.0

microsoftinternet_information_servicesMatch5.0

CPENameOperatorVersion
microsoft:internet_information_servermicrosoft internet information servereq4.0
microsoft:internet_information_servicesmicrosoft internet information serviceseq5.0

CPE	Name	Operator	Version
microsoft:internet_information_server	microsoft internet information server	eq	4.0
microsoft:internet_information_services	microsoft internet information services	eq	5.0

References

www.securityfocus.com/bid/1565

docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-057

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.7 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.5%

JSON

Related for CVE-2000-0770

nvd1 cvelist1 nessus1