CVE-2000-0126
CVSS 2.0 Score 5.0 of 10 (medium)
Details
Published Jan 26, 2000
Updated: Nov 20, 2024
Summary
CVE-2000-0126 is a vulnerability affecting Internet Information Services (IIS) versions 3 and 4. Hackers can exploit this issue by using maliciously crafted Internet Data Query (IDQ) scripts to read sensitive files on the targeted system. The vulnerability arises due to inadequate input validation, enabling attackers to traverse directories and access restricted data through a ".. (dot dot)" attack. This security weakness poses a serious risk, allowing unauthorized access and potential data theft.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Microsoft IIS
Affected Vendors
- Microsoft