Test query:
GET /\xC0\xAF HTTP/1.1\r\n
Chain of Reasoning:
CVE-2000-0884 exploited exactly this pattern. Microsoft IIS on Windows decoded overlong UTF-8 sequences in URLs, allowing ..%c0%af.. to be interpreted as ../../.
|
4. **CVE-2000-0884 exploited exactly this pattern.** Microsoft IIS on Windows decoded overlong UTF-8 sequences in URLs, allowing `..%c0%af..` to be interpreted as `../../`. This enabled remote directory traversal, giving attackers access to files outside the web root. RFC 3629 Section 10 explicitly references this class of attack, noting "a widespread virus attacking Web servers in 2001" exploited overlong UTF-8 mishandling. |
This CVE-2000-0884 refers to a completely different type of request: GET /%C0%AF HTTP/1.1\r\n
Test query:
Chain of Reasoning:
This CVE-2000-0884 refers to a completely different type of request:
GET /%C0%AF HTTP/1.1\r\n