CVE-2000-0630 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	21%	–	–
2022-04-03	–	–	21%	–	–
2023-02-26	–	–	21%	–	–
2023-03-12	–	–	–	95.27%	–
2023-03-26	–	–	–	76.96%	–
2024-06-02	–	–	–	76.96%	–
2025-01-19	–	–	–	76.96%	–
2025-03-18	–	–	–	–	88.47%
2025-03-30	–	–	–	–	84.39%
2025-03-30	–	–	–	–	84.39,%

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Date	Percentile
2022-02-06	94%
2022-04-03	96%
2023-02-26	97%
2023-03-12	99%
2023-03-26	98%
2024-06-02	98%
2025-01-19	98%
2025-03-18	99%
2025-03-30	99%
2025-03-30	99%

source: https://www.securityfocus.com/bid/1488/info Microsoft IIS 4.0 and 5.0 can be made to disclose fragments of source code which should otherwise be inaccessible. This is done by appending "+.htr" to a request for a known .asp (or .asa, .ini, etc) file. Appending this string causes the request to be handled by ISM.DLL, which then strips the +.htr string and may disclose part or all of the source of the .asp file specified in the request. There has been a report that source will be displayed up to the first '<%' encountered - '<%' and '%>' are server-side script delimiters. Pages which use the <script runat=server></script> delimiters instead will display the entire source, or up to any '<%' in the page. This vulnerability is a variant of a previously discovered vulnerability, BugTraq ID 1193. http://victim/global.asa+.htr