Lucene search

MitreCVE-2001-0004

HistorySep 18, 2001 - 4:00 a.m.

CVE-2001-0004

2001-09-1804:00:00

mitre

web.nvd.nist.gov

cve-2001-0004

iis 5.0

iis 4.0

remote attack

source code

url

.htr isapi extension.

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0.873

Percentile

98.6%

JSON

IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending “%3F+.htr” to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the “File Fragment Reading via .HTR” vulnerability.

Affected configurations

Nvd

Node

microsoftinternet_information_serverMatch4.0

microsoftinternet_information_servicesMatch5.0

VendorProductVersionCPE
microsoftinternet_information_server4.0cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*
microsoftinternet_information_services5.0cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	internet_information_server	4.0	cpe:2.3:a:microsoft:internet_information_server:4.0:::::::*
microsoft	internet_information_services	5.0	cpe:2.3:a:microsoft:internet_information_services:5.0:::::::*

References

marc.info/?l=bugtraq&m=97897954625305&w=2

www.securityfocus.com/bid/2313

docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-004

exchange.xforce.ibmcloud.com/vulnerabilities/5903

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0.873

Percentile

98.6%

JSON

Related for CVE-2001-0004