Description
A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by David Litchfield · textremotewindows
https://www.exploit-db.com/exploits/20269
References (4)
Core 4
Core References
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/1756
Vendor Advisory vendor-advisory
x_refsource_mskb
http://www.microsoft.com/technet/support/kb.asp?ID=272079
Various Sources vendor-advisory
x_refsource_atstake
http://www.atstake.com/research/advisories/2000/a100400-1.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5335
Scores
EPSS
0.4917
EPSS Percentile
97.8%
Details
Status
published
Products (1)
microsoft/internet_information_services
5.0
Published
Dec 19, 2000
Tracked Since
Feb 18, 2026