← CVECheck
HomeVulnerabilities

CVE-2001-0004 — MEDIUM severity vulnerability (IIS 5.0 and 4.0 allows remote attackers to read the source c)

IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability.

CVE IDCVE-2001-0004
SeverityMEDIUM
CVSS score5.0
CVSS vectorAV:N/AC:L/Au:N/C:P/I:N/A:N
CWENVD-CWE-Other
StatusModified
Published2001-02-12
Last modified2026-04-16
DescriptionIIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →