CVE-2000-0457
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2000-0457
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft IIS 4.0/5.0 .HTR文件名截断泄漏文件内容漏洞(MS00-031)
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
IIS是一款Windows NT/2000系统自带的的Web服务器软件,由Microsoft公司开发维护。IIS支持对一些特定文件名后缀(如.ASP、.IDC、.HTR)的文件请求执行进一步的处理,当服务器接到此类文件的请求时,每种后缀的文件由一个特定的DLL文件处理。ISM.DLL用于处理.HTR、.STM、.IDC为后缀的文件请求。 Cerberus 安全小组发现微软的IIS 4/5存在一个缺陷,允许攻击者访问那些本来无权访问的文件。比如/scripts目录下的文本文件(.txt、.log、.ini)
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2000-0457
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2000-0457
请登录查看更多情报信息。
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-031vendor-advisoryx_refsource_MS
- https://nvd.nist.gov/vuln/detail/CVE-2000-0457
Same Patch Batch · n/a · 2002-03-09 · 428 CVEs total
| CVE-2001-0589 | NetScreen-10和Netscreen-100 NetScreen ScreenOS存在漏洞 | |
| CVE-2001-0625 | Computer Associates InoculateIT ftpdownload 安全漏洞 | |
| CVE-2001-0622 | Cisco Content Service交换机管理认证绕过漏洞 | |
| CVE-2001-0621 | Cisco Content Service交换机FTP访问控制漏洞 | |
| CVE-2001-0616 | Faust Informatics Freestyle Chat服务器服务拒绝漏洞 | |
| CVE-2001-0615 | Faust Informatics Freestyle Chat目录遍历漏洞 | |
| CVE-2001-0613 | Omnicron Technologies OmniHTTPD Professional拒绝服务漏洞 | |
| CVE-2001-0611 | Becky!特权提升漏洞 | |
| CVE-2001-0596 | Netscape Navigator 'about:'Domain信息泄露漏洞 | |
| CVE-2001-0595 | Solaris kcms_configure 缓冲区溢出漏洞 | |
| CVE-2001-0594 | Solaris kcms_configure获取额外特权漏洞 | |
| CVE-2001-0593 | Ananconda Partners Clipper文件泄露漏洞 | |
| CVE-2001-0591 | Oracle JSP和Oracle iAS Release目录遍历漏洞 | |
| CVE-2001-0590 | Apache Software Foundation Tomcat Servlet读取任意'jsp'文件的源代码漏洞 | |
| CVE-2001-0559 | Vixie cron特权提升漏洞 | |
| CVE-2001-0564 | APC Telnet管理服务拒绝漏洞 | |
| CVE-2001-0563 | ElectroSystems Engineering Inc. ElectroComm服务拒绝 | |
| CVE-2001-0560 | Vixie cron缓冲区溢出漏洞 | |
| CVE-2001-0565 | Solaris mailx -F缓冲区溢出漏洞 | |
| CVE-2001-0558 | T. Hauck Jana Webserver服务拒绝漏洞 |
Showing top 20 of 428 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
V. Comments for CVE-2000-0457
No comments yet