Description

The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.

Remediation

References

CVE-2000-0413

Related Vulnerabilities

WordPress Plugin Shoppable Images Multiple Vulnerabilities (1.0.0)

WordPress Plugin Disqus Comment System Multiple Vulnerabilities (2.75)

WordPress Plugin Polylang Cross-Site Request Forgery (2.5)

WordPress Plugin Flexible Checkout Fields for WooCommerce Security Bypass (2.3.1)

WordPress Plugin iThemes Security (formerly Better WP Security) Information Disclosure (5.1.1)

Severity

Medium

Classification

CVE-2000-0413

Tags

Missing Update Known Vulnerabilities