CVE-2000-0258

HIGH

Microsoft Internet Information Server - Improper Input Validation

Title source: rule

Description

IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/1101

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-023

Scores

CVSS v3 7.5

EPSS 0.2031

EPSS Percentile 95.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-20

Status draft

Affected Products (2)

microsoft/internet_information_server

microsoft/internet_information_services

Timeline

Published Apr 12, 2000

Tracked Since Feb 18, 2026