← CVECheck
HomeVulnerabilities

CVE-2000-0024 — MEDIUM severity vulnerability (IIS does not properly canonicalize URLs, potentially allowin)

IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.

CVE IDCVE-2000-0024
SeverityMEDIUM
CVSS score6.4
CVSS vectorAV:N/AC:L/Au:N/C:P/I:P/A:N
CWENVD-CWE-Other
StatusModified
Published1999-12-21
Last modified2026-04-16
DescriptionIIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →