CVE-2000-0413 - CVE Details

Description

The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.

Severity

Overall Severity: N/A

CVSS Metrics

Type	Score	Severity	Vector

Affected Products

microsoft - frontpage

Affected Versions:

microsoft - internet_information_server

Affected Versions:

microsoft - internet_information_services

Affected Versions:

References

http://archives.neohapsis.com/archives/bugtraq/2000-05/0084.html
http://www.securityfocus.com/bid/1174
http://archives.neohapsis.com/archives/bugtraq/2000-05/0084.html
http://www.securityfocus.com/bid/1174