CVE-2001-0507 - IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users

CVE-2001-0507

Summary

IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability.

References

Vulnerable Configurations

cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

oval via4

accepted

2007-08-02T14:47:16.301-04:00

class

vulnerability

contributors

name Christine Walzer
organization The MITRE Corporation
name Robert L. Hollis
organization ThreatGuard, Inc.

description

family

windows

oval:org.mitre.oval:def:909

status

accepted

submitted

2004-05-04T12:00:00.000-04:00

title

Windows NT IIS System File Listing Privilege Elevation Vulnerability

version

accepted

2005-02-16T12:00:00.000-04:00

class

vulnerability

contributors

name Christine Walzer
organization The MITRE Corporation
name Christine Walzer
organization The MITRE Corporation

description

family

windows

oval:org.mitre.oval:def:912

status

accepted

submitted

2004-05-04T12:00:00.000-04:00

title

Windows 2000 IIS System File Listing Privilege Elevation Vulnerability

version

refmap via4

bugtraq	20010816 ENTERCEPT SECURITY ALERT: Privilege Escalation Vulnerability in Microsoft IIS
ciac	L-132
osvdb	5607
xf	iis-relative-path-privilege-elevation(6985)

Last major update

30-10-2018 - 16:25

Published

20-09-2001 - 04:00

Last modified

30-10-2018 - 16:25