Description

The web server is vulnerable to double dot "../" directory traversal exploitation if extended UNICODE character representations are used in substitution for "/" and "\".

Remediation

Install the latest patches from Microsoft.

References

Cve - Cve-2000-0884

Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (4)

Related Vulnerabilities

WordPress Plugin Slider Revolution Responsive Local File Inclusion (4.1.4)

WordPress Plugin Extensive VC Addons for WPBakery page builder Local File Inclusion (1.9)

WordPress Plugin Mailster-Email Newsletter for WordPress Local File Inclusion (4.0.6)

Python object deserialization of user-supplied data

WordPress Plugin Adaptive Images for WordPress Multiple Vulnerabilities (0.6.66)

Severity

High

Classification

CVE-2000-0884 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal Configuration