CVE-2000-0024
CVSS 2.0 Score 6.4 of 10 (medium)
Details
Published Dec 21, 1999
Updated: Nov 20, 2024
Summary
CVE-2000-0024 is a vulnerability affecting Microsoft's Internet Information Services (IIS) software. The issue lies in IIS's URL canonicalization process, which fails to properly handle escape characters. This flaw enables remote attackers to bypass access restrictions in third-party applications installed on IIS servers by manipulating URLs containing malicious escape characters. The consequence of exploiting this vulnerability could lead to unauthorized access, data theft, or further system compromise.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Microsoft IIS
Affected Vendors
- Microsoft