CVE-2000-0770 - IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent folder

CVE-2000-0770

Summary

IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the "File Permission Canonicalization" vulnerability.

References

http://www.securityfocus.com/bid/1565
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-057

Vulnerable Configurations

cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*

CVSS

Base:	6.4 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:N

refmap via4

bid

1565

Last major update

30-10-2018 - 16:25

Published

20-10-2000 - 04:00

Last modified

30-10-2018 - 16:25