Vulnerabilities > CVE-2001-0004 - Unspecified vulnerability in Microsoft products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

microsoft

NVD

Published: 2001-02-12

Updated: 2024-11-20

Summary

IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Internet Information Services 5.0 Microsoft Internet Information Server 4.0	2

References

http://marc.info/?l=bugtraq&m=97897954625305&w=2
http://marc.info/?l=bugtraq&m=97897954625305&w=2
http://www.securityfocus.com/bid/2313
http://www.securityfocus.com/bid/2313
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-004
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-004
https://exchange.xforce.ibmcloud.com/vulnerabilities/5903
https://exchange.xforce.ibmcloud.com/vulnerabilities/5903