CVE Database · CVE-2000-0884
CVSS v3.1
N/A
EPSS
72.70%
Published
Dec 19, 2000
Modified
Apr 15, 2026
Public PoC / Exploit (10)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.
Affected Products (2)
References (10)
