CVE-2000-0024

N/A Unknown

Published: December 21, 1999 Modified: April 16, 2026

Description

IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ246401

Source: cve@mitre.org

http://www.acrossecurity.com/aspr/ASPR-1999-11-10-1-PUB.txt

Source: cve@mitre.org

https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-061

Source: cve@mitre.org

http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ246401

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.acrossecurity.com/aspr/ASPR-1999-11-10-1-PUB.txt

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-061

Source: af854a3a-2127-422b-91ae-364da2661108

6 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

12.0%

94th percentile

Exploitation Status

Not in CISA KEV

Affected Vendors

microsoft