CVE-1999-0253

IIS 3.0 - Info Disclosure

Title source: llm

Description

IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL.

References (1)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/1814

Scores

EPSS 0.0299

EPSS Percentile 86.3%

Classification

Status draft

Affected Products (3)

microsoft/internet_information_server

microsoft/internet_information_services

Timeline

Published Jan 01, 1997

Tracked Since Feb 18, 2026