CVE-2000-0024

Description

IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.

Affected products

• Microsoft / internet_information_server4.0 – 4.0
• Microsoft / site_server3.0 – 3.0
• Microsoft / site_server_commerce3.0 – 3.0

References

• MISChttp://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ246401
• MISChttp://www.acrossecurity.com/aspr/ASPR-1999-11-10-1-PUB.txt
• MISChttps://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-061