|
|
|||
| Rule General Information |
|---|
| Release Date: | 2014-12-31 | |
| Rule Name: | Microsoft IIS and PWS Extended Unicode Directory Traversal Vulnerability -5 (CVE-2000-0884) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability. | |
| Impact: | An attacker can obtain sensitive information of the target victim, and do malicious actions to gain profits using the information. | |
| Affected OS: | Windows | |
| Reference: | MicrosoftSecurityBulletin:ms00-078 SecurityFocusBID:1806 |
|
| Solutions |
|---|
| Microsoft has released a patch MS00-078 to eliminate the vulnerability. The patch can be downloaded at http://www.microsoft.com/technet/security/bulletin/ms00-078.asp |