CVE-2000-0071
CVSS 2.0 Score 5 of 10 (medium)
Details
Summary
CVE-2000-0071 is a vulnerability affecting Internet Information Services (IIS) version 4.0. This issue allows remote attackers to obtain the real pathname of the document root by requesting non-existent files with the extensions .ida or .idq. This information could be exploited to gain unauthorized access or perform further attacks. The vulnerability is significant as IIS is widely used for hosting websites and applications, increasing the potential attack surface for this issue. Attackers can easily exploit this by crafting specially crafted HTTP requests to the target server, potentially leading to serious security consequences. Organizations running IIS 4.0 should apply the available patch as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Microsoft IIS
Affected Vendors
- Microsoft