Vulnerabilities > CVE-2000-0024 - Unspecified vulnerability in Microsoft products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

microsoft

NVD

Published: 1999-12-21

Updated: 2023-11-07

Summary

IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Site Server 3.0 Microsoft Internet Information Server 4.0 Microsoft Site Server Commerce 3.0	3

References

http://www.acrossecurity.com/aspr/ASPR-1999-11-10-1-PUB.txt
https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-061
http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ246401