First published: Fri Oct 13 2000
IIS 4.0 and 5.0 do not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the "File Permission Canonicalization" vulnerability.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Internet Information Services (IIS) | =5.0 | |
Microsoft Internet Information Services | =4.0 | |
CVE-2000-0770 is considered a medium severity vulnerability due to its potential to allow unauthorized access to sensitive files.
Fixing CVE-2000-0770 requires tightening file and directory permissions to ensure that sensitive files are not accessible through less restrictive parent folders.
CVE-2000-0770 affects Microsoft Internet Information Server versions 4.0 and 5.0.
Exploiting CVE-2000-0770 can allow remote attackers to bypass access restrictions and gain unauthorized access to sensitive files.
You can assess vulnerability to CVE-2000-0770 by reviewing file permissions and ensuring that sensitive files keep restrictive access even where their parent directories are less restrictive.