CVE-2000-0115
CVSS 2.0 Score 5.0 of 10 (medium)
Details
Published Jan 21, 2000
Updated: Nov 20, 2024
Summary
CVE-2000-0115 is a denial-of-service vulnerability affecting Microsoft's Internet Information Services (IIS) server. This issue arises due to IIS's failure to adequately validate regular expressions in Visual Basic scripts used in Active Server Pages (ASP). Malicious users can exploit this vulnerability by crafting an invalid regular expression, which causes the server to consume excessive resources and ultimately results in a denial-of-service condition. Local users with the ability to create or modify ASP pages can leverage this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Microsoft IIS
Affected Vendors
- Microsoft