CVE-1999-0253

high

Microsoft

CVSS v3 Base Score

7.5

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Score

3.0%

Exploitation probability in 30 days

Top 13% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

Integrity

Availability

Published: January 1, 1997 (10725 days ago)

Last Modified: April 16, 2026

Vendor: Microsoft

Source: NVD

Description

IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL.

CWE

NVD-CWE-Other

Affected Products

microsoft internet information servermicrosoft internet information services

References

🔗 www.securityfocus.com 🔗 www.securityfocus.com

CVE-1999-0253

Vulnerability Report

Description

CWE

Affected Products

References