ID CVE-2000-0302
Summary Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL.
References
Vulnerable Configurations
  • Microsoft index_server 2.0
    cpe:2.3:a:microsoft:index_server:2.0
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
exploit-db via4
description Microsoft Index Server 2.0 '%20' ASP Source Disclosure Vulnerability. CVE-2000-0302 . Remote exploit for windows platform
id EDB-ID:19830
last seen 2016-02-02
modified 2000-03-31
published 2000-03-31
reporter David Litchfield
source https://www.exploit-db.com/download/19830/
title Microsoft Index Server 2.0 - '%20' ASP Source Disclosure Vulnerability
nessus via4
  • NASL family Web Servers
    NASL id IIS_ANYTHING_IDQ.NASL
    description The remote version of IIS is affected by two vulnerabilities : - An information disclosure issue allows a remote attacker to obtain the real pathname of the document root by requesting nonexistent files with .ida or .idq extensions. - An argument validation issue in the WebHits component lets a remote attacker read arbitrary files on the remote server. The path disclosure issue has been reported to affect Microsoft Index Server as well.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 10492
    published 2000-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=10492
    title MS00-006: Microsoft IIS IDA/IDQ Multiple Vulnerabilities (uncredentialed check)
  • NASL family Web Servers
    NASL id MS_INDEX_SERVER.NASL
    description It is possible to get the source code of ASP scripts by issuing a specially crafted request. ASP source codes usually contain sensitive information such as usernames and passwords.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 10356
    published 2000-04-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=10356
    title Microsoft IIS WebHits null.htw .asp Source Disclosure
refmap via4
bid 1084
bugtraq 20000331 Alert: MS Index Server (CISADV000330)
ms MS00-006
osvdb 271
xf http-indexserver-asp-source
Last major update 17-10-2016 - 22:06
Published 31-03-2000 - 00:00
Last modified 12-10-2018 - 17:29
Back to Top