CVE-2000-0302

Microsoft Index Server - Info Disclosure

Title source: llm

Description

Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL.

Exploits (1)

exploitdb WORKING POC VERIFIED

by David Litchfield · textremotewindows

https://www.exploit-db.com/exploits/19830

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://www.osvdb.org/271

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-006

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/1084

[Mailing List] http://marc.info/?l=bugtraq&m=95453598317340&w=2

Scores

EPSS 0.7440

EPSS Percentile 98.9%

Details

Status published

Products (1)

microsoft/index_server 2.0

Published Mar 31, 2000

Tracked Since Feb 18, 2026