exploitDog

CVE-2000-0770

Опубликовано: 20 окт. 2000

Источник: nvd

CVSS2: 6.4

EPSS Низкий

Описание

IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the "File Permission Canonicalization" vulnerability.

Ссылки

http://www.securityfocus.com/bid/1565
Patch
Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-057
http://www.securityfocus.com/bid/1565
Patch
Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-057

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 81%

0.01619

Низкий

6.4 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-8wcg-8pwm-v3gc

github

почти 4 года назад

IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the "File Permission Canonicalization" vulnerability.

EPSS

Процентиль: 81%

0.01619

Низкий

6.4 Medium

CVSS2

Дефекты

NVD-CWE-Other