CVE-2003-0317

iisPROTECT 2.1 and 2.2 - Authentication Bypass via URL-Encoded Characters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0317. PoCs published by iDefense.

AI-analyzed exploit summary This entry describes a path traversal vulnerability in an unspecified web server where URL-encoded slashes (%2f) and other encodings (%70) can bypass access controls to protected directories. No executable code is provided.

Description

iisPROTECT 2.1 and 2.2 allows remote attackers to bypass authentication via an HTTP request containing URL-encoded characters.

Exploits (1)

exploitdb WRITEUP VERIFIED

by iDefense · textremotewindows

https://www.exploit-db.com/exploits/22631

View Code ZIP pw:eip

This entry describes a path traversal vulnerability in an unspecified web server where URL-encoded slashes (%2f) and other encodings (%70) can bypass access controls to protected directories. No executable code is provided.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Theoretical

Target: unspecified web server (likely Apache or similar, 2003 era)

No auth needed

Prerequisites: vulnerable web server with predictable directory structure

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory third-party-advisory x_refsource_idefense

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=25

Scores

EPSS 0.0599

EPSS Percentile 92.4%

Details

Status published

Products (2)

iisprotect/iisprotect 2.1

iisprotect/iisprotect 2.2

Published Dec 31, 2003

Tracked Since Feb 18, 2026