CVE-2001-0004 — MEDIUM severity vulnerability (IIS 5.0 and 4.0 allows remote attackers to read the source c)
IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability.
| CVE ID | CVE-2001-0004 |
|---|---|
| Severity | MEDIUM |
| CVSS score | 5.0 |
| CVSS vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| CWE | NVD-CWE-Other |
| Status | Modified |
| Published | 2001-02-12 |
| Last modified | 2026-04-16 |
| Description | IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability. |
| Source | NIST National Vulnerability Database |
🔍 Search all vulnerabilities →
$999/mo
Try CVECheck →