var-199902-0037
Vulnerability from variot
By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. Microsoft IIS is a popular web server package for Windows NT based platforms. Version 4.0 of IIS installs a remotely accessible directory, /IISADMPWD - mapped to c:\winnt\system32\inetsrv\iisadmpwd, which contains a number of vulnerable .HTR files. These were designed to allow system administrators the ability to provide HTTP based password change services to network users. The affected files, achg.htr, aexp.htr, and anot.htr can be used in this manner. A microsoft bulletin on the feature recommends using /IISADMPWD/aexp.htr for this purpose. Requesting one of the listed .htr files returns a form that requests the account name, current password, and changed password. This can be used to determine whether or not the account requested exists on the host, as well as conduct brute force attacks. If the account does not exist, the message "invalid domain" is returned - if it does, but the password change was unsuccessful, the attacker is notified. This be used against the server and against other machines connected to the local network (and possibly even other machines on the internet), by preceding the account name with an IP address and a backslash. (e.g., XXX.XXX.XXX.XXX\ACCOUNT) The server contacts the networked machine through the NetBIOS session port and attempts to change the password
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-199902-0037",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "internet information server",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "4.0"
}
],
"sources": [
{
"db": "BID",
"id": "2110"
},
{
"db": "JVNDB",
"id": "JVNDB-1998-000001"
},
{
"db": "CNNVD",
"id": "CNNVD-199902-018"
},
{
"db": "NVD",
"id": "CVE-1999-0407"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:iis",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-1998-000001"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Litchfield\u203b mnemonix@globalnet.co.uk",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199902-018"
}
],
"trust": 0.6
},
"cve": "CVE-1999-0407",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-1999-0407",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-1999-0407",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-1999-0407",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-199902-018",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-1998-000001"
},
{
"db": "CNNVD",
"id": "CNNVD-199902-018"
},
{
"db": "NVD",
"id": "CVE-1999-0407"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. Microsoft IIS is a popular web server package for Windows NT based platforms. Version 4.0 of IIS installs a remotely accessible directory, /IISADMPWD - mapped to c:\\winnt\\system32\\inetsrv\\iisadmpwd, which contains a number of vulnerable .HTR files. These were designed to allow system administrators the ability to provide HTTP based password change services to network users. The affected files, achg.htr, aexp*.htr, and anot*.htr can be used in this manner. A microsoft bulletin on the feature recommends using /IISADMPWD/aexp.htr for this purpose. Requesting one of the listed .htr files returns a form that requests the account name, current password, and changed password. \nThis can be used to determine whether or not the account requested exists on the host, as well as conduct brute force attacks. If the account does not exist, the message \"invalid domain\" is returned - if it does, but the password change was unsuccessful, the attacker is notified. This be used against the server and against other machines connected to the local network (and possibly even other machines on the internet), by preceding the account name with an IP address and a backslash. (e.g., XXX.XXX.XXX.XXX\\ACCOUNT) The server contacts the networked machine through the NetBIOS session port and attempts to change the password",
"sources": [
{
"db": "NVD",
"id": "CVE-1999-0407"
},
{
"db": "JVNDB",
"id": "JVNDB-1998-000001"
},
{
"db": "BID",
"id": "2110"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-1999-0407",
"trust": 2.4
},
{
"db": "BID",
"id": "2110",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-1998-000001",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "19990209 RE: IIS4 ALLOWS PROXIED PASSWORD ATTACKS OVER NETBIOS",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "19990209 ALERT: IIS4 ALLOWS PROXIED PASSWORD ATTACKS OVER NETBIOS",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-199902-018",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "2110"
},
{
"db": "JVNDB",
"id": "JVNDB-1998-000001"
},
{
"db": "CNNVD",
"id": "CNNVD-199902-018"
},
{
"db": "NVD",
"id": "CVE-1999-0407"
}
]
},
"id": "VAR-199902-0037",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-11-22T23:12:12.997000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.microsoft.com/ja/jp/default.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-1998-000001"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-1999-0407"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://marc.info/?l=bugtraq\u0026m=91983486431506\u0026w=2"
},
{
"trust": 2.0,
"url": "http://marc.info/?l=bugtraq\u0026m=92000623021036\u0026w=2"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-1999-0407"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-1999-0407"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2110"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=92000623021036\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=91983486431506\u0026w=2"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/support/kb/articles/q184/6/19.asp"
}
],
"sources": [
{
"db": "BID",
"id": "2110"
},
{
"db": "JVNDB",
"id": "JVNDB-1998-000001"
},
{
"db": "CNNVD",
"id": "CNNVD-199902-018"
},
{
"db": "NVD",
"id": "CVE-1999-0407"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "2110"
},
{
"db": "JVNDB",
"id": "JVNDB-1998-000001"
},
{
"db": "CNNVD",
"id": "CNNVD-199902-018"
},
{
"db": "NVD",
"id": "CVE-1999-0407"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "1998-02-09T00:00:00",
"db": "BID",
"id": "2110"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-1998-000001"
},
{
"date": "1998-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199902-018"
},
{
"date": "1999-02-09T05:00:00",
"db": "NVD",
"id": "CVE-1999-0407"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "1998-02-09T00:00:00",
"db": "BID",
"id": "2110"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-1998-000001"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199902-018"
},
{
"date": "2024-11-20T23:28:39.997000",
"db": "NVD",
"id": "CVE-1999-0407"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199902-018"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft IIS of IISADMPWD Vulnerability in obtaining user account information in virtual directories",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-1998-000001"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199902-018"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…