CVE-2001-0333

Microsoft Internet Information Server < 5.0 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.

Exploits (10)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16467
exploitdb WORKING POC VERIFIED
by HuXfLuX · cremotewindows
https://www.exploit-db.com/exploits/20836
exploitdb WRITEUP VERIFIED
by Roelof · textremotewindows
https://www.exploit-db.com/exploits/20842
exploitdb WRITEUP VERIFIED
by Gary O'Leary-Steele · textremotewindows
https://www.exploit-db.com/exploits/20841
exploitdb WRITEUP VERIFIED
by A.Ramos · textremotewindows
https://www.exploit-db.com/exploits/20840
exploitdb WORKING POC VERIFIED
by Leif Jakob · bashremotewindows
https://www.exploit-db.com/exploits/20839
exploitdb WORKING POC VERIFIED
by MovAX · cremotewindows
https://www.exploit-db.com/exploits/20838
exploitdb WORKING POC VERIFIED
by Cyrus The Gerat · perlremotewindows
https://www.exploit-db.com/exploits/20837
exploitdb WORKING POC VERIFIED
by Filip Maertens · cremotewindows
https://www.exploit-db.com/exploits/20835
metasploit WORKING POC EXCELLENT
by jduck · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/iis/ms01_026_dbldecode.rb

References (9)

Scores

EPSS 0.8447
EPSS Percentile 99.3%

Details

Status published
Products (2)
microsoft/internet_information_server 4.0
microsoft/internet_information_server < 5.0
Published Jun 27, 2001
Tracked Since Feb 18, 2026