CVE-2000-0071

CVSS 2.0 Score 5 of 10 (medium)

Details

Published Jan 11, 2000
Updated: Nov 20, 2024

Summary

CVE-2000-0071 is a vulnerability affecting Internet Information Services (IIS) version 4.0. This issue allows remote attackers to obtain the real pathname of the document root by requesting non-existent files with the extensions .ida or .idq. This information could be exploited to gain unauthorized access or perform further attacks. The vulnerability is significant as IIS is widely used for hosting websites and applications, increasing the potential attack surface for this issue. Attackers can easily exploit this by crafting specially crafted HTTP requests to the target server, potentially leading to serious security consequences. Organizations running IIS 4.0 should apply the available patch as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share