Unrated severityNVD Advisory· Published May 6, 2000· Updated Apr 16, 2026

CVE-2000-0413

Description

The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.

Affected products

Microsoft/Frontpage
cpe:2.3:a:microsoft:frontpage:*:*:*:*:*:*:*:*
Microsoft/Internet Information Server
cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*
Microsoft/Internet Information Services
cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/bugtraq/2000-05/0084.htmlnvd
www.securityfocus.com/bid/1174nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.048
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000