Description
IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Mark Joseph Edwards · textremotewindows
https://www.exploit-db.com/exploits/20481
References (1)
Core 1
Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0154
Scores
EPSS
0.4824
EPSS Percentile
97.8%
Details
Status
published
Products (2)
microsoft/internet_information_server
3.0
microsoft/internet_information_services
2.0
Published
Dec 31, 1999
Tracked Since
Feb 18, 2026