var-200012-0153
Vulnerability from variot
IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability. A vulnerability exists in Microsoft IIS 4 and 5 such that an attacker visiting an IIS web site can execute arbitrary code with the privileges of the IUSR_machinename account. This vulnerability is referred to as the "Web Server Folder Directory Traversal" vulnerability. This vulnerability has characteristics similar to vulnerabilities that have been widely exploited in the past. Unless remedial action is taken, we believe it is likely that systems with this vulnerability will be compromised. Microsoft IIS Is "/" When " " For notation UNICODE If an extended expression is used, there is a vulnerability that discloses directory information using relative path notation.Web Files on the same logical drive as the root directory may be altered, executed, or deleted. Microsoft IIS 4.0 and 5.0 are both vulnerable to double dot "../" directory traversal exploitation if extended UNICODE character representations are used in substitution for "/" and "\". Unauthenticated users may access any known file in the context of the IUSR_machinename account. The IUSR_machinename account is a member of the Everyone and Users groups by default, therefore, any file on the same logical drive as any web-accessible file that is accessible to these groups can be deleted, modified, or executed. Successful exploitation would yield the same privileges as a user who could successfully log onto the system to a remote user possessing no credentials whatsoever. (March 18, 2001) This is the vulnerability exploited by the Code Blue Worm. UPDATE: It is believed that an aggressive worm may be in the wild that actively exploits this vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200012-0153",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "internet information server",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "internet information services",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "internet information server",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "personal web server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "iis alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#111677"
},
{
"db": "BID",
"id": "1806"
},
{
"db": "JVNDB",
"id": "JVNDB-2000-000080"
},
{
"db": "CNNVD",
"id": "CNNVD-200012-156"
},
{
"db": "NVD",
"id": "CVE-2000-0884"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:iis",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2000-000080"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nsfocus Security Team\u203b security@nsfocus.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200012-156"
}
],
"trust": 0.6
},
"cve": "CVE-2000-0884",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2000-0884",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2000-0884",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#111677",
"trust": 0.8,
"value": "68.40"
},
{
"author": "NVD",
"id": "CVE-2000-0884",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200012-156",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#111677"
},
{
"db": "JVNDB",
"id": "JVNDB-2000-000080"
},
{
"db": "CNNVD",
"id": "CNNVD-200012-156"
},
{
"db": "NVD",
"id": "CVE-2000-0884"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the \"Web Server Folder Traversal\" vulnerability. A vulnerability exists in Microsoft IIS 4 and 5 such that an attacker visiting an IIS web site can execute arbitrary code with the privileges of the IUSR_machinename account. This vulnerability is referred to as the \"Web Server Folder Directory Traversal\" vulnerability. This vulnerability has characteristics similar to vulnerabilities that have been widely exploited in the past. Unless remedial action is taken, we believe it is likely that systems with this vulnerability will be compromised. Microsoft IIS Is \"/\" When \" \" For notation UNICODE If an extended expression is used, there is a vulnerability that discloses directory information using relative path notation.Web Files on the same logical drive as the root directory may be altered, executed, or deleted. Microsoft IIS 4.0 and 5.0 are both vulnerable to double dot \"../\" directory traversal exploitation if extended UNICODE character representations are used in substitution for \"/\" and \"\\\". \nUnauthenticated users may access any known file in the context of the IUSR_machinename account. The IUSR_machinename account is a member of the Everyone and Users groups by default, therefore, any file on the same logical drive as any web-accessible file that is accessible to these groups can be deleted, modified, or executed. Successful exploitation would yield the same privileges as a user who could successfully log onto the system to a remote user possessing no credentials whatsoever. (March 18, 2001)\nThis is the vulnerability exploited by the Code Blue Worm. \n**UPDATE**: It is believed that an aggressive worm may be in the wild that actively exploits this vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0884"
},
{
"db": "CERT/CC",
"id": "VU#111677"
},
{
"db": "JVNDB",
"id": "JVNDB-2000-000080"
},
{
"db": "BID",
"id": "1806"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "1806",
"trust": 3.5
},
{
"db": "NVD",
"id": "CVE-2000-0884",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "436",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "VU#111677",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2000-000080",
"trust": 0.8
},
{
"db": "MS",
"id": "MS00-078",
"trust": 0.6
},
{
"db": "XF",
"id": "5377",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:44",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200012-156",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#111677"
},
{
"db": "BID",
"id": "1806"
},
{
"db": "JVNDB",
"id": "JVNDB-2000-000080"
},
{
"db": "CNNVD",
"id": "CNNVD-200012-156"
},
{
"db": "NVD",
"id": "CVE-2000-0884"
}
]
},
"id": "VAR-200012-0153",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T13:40:48.269000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MS00-078",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms00-078.mspx"
},
{
"title": "MS00-078",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/Bulletin/ms00-078.mspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2000-000080"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0884"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://www.securityfocus.com/bid/1806"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/436"
},
{
"trust": 1.4,
"url": "http://www.microsoft.com/technet/security/bulletin/ms00-078.asp"
},
{
"trust": 1.0,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-078"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5377"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a44"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms00-057.asp"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2000-0884"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2000-0884"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/static/5377.php"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:44"
},
{
"trust": 0.3,
"url": "http://www.f-secure.com/v-descs/codeblue.shtml"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/security/bulletin/fq00-078.asp"
},
{
"trust": 0.3,
"url": "http://www.securityfocus.com/archive/88/213279"
},
{
"trust": 0.3,
"url": "http://support.coresecurity.com/impact/exploits/378aff922154e6f3b87f6dbf42457338.html"
},
{
"trust": 0.3,
"url": "http://www.antivirus.com/vinfo/virusencyclo/default5.asp?vname=troj_bluecode.a"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#111677"
},
{
"db": "BID",
"id": "1806"
},
{
"db": "JVNDB",
"id": "JVNDB-2000-000080"
},
{
"db": "CNNVD",
"id": "CNNVD-200012-156"
},
{
"db": "NVD",
"id": "CVE-2000-0884"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#111677"
},
{
"db": "BID",
"id": "1806"
},
{
"db": "JVNDB",
"id": "JVNDB-2000-000080"
},
{
"db": "CNNVD",
"id": "CNNVD-200012-156"
},
{
"db": "NVD",
"id": "CVE-2000-0884"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2000-11-20T00:00:00",
"db": "CERT/CC",
"id": "VU#111677"
},
{
"date": "2000-10-17T00:00:00",
"db": "BID",
"id": "1806"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2000-000080"
},
{
"date": "2000-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200012-156"
},
{
"date": "2000-12-19T05:00:00",
"db": "NVD",
"id": "CVE-2000-0884"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-09-18T00:00:00",
"db": "CERT/CC",
"id": "VU#111677"
},
{
"date": "2000-10-17T00:00:00",
"db": "BID",
"id": "1806"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2000-000080"
},
{
"date": "2005-10-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200012-156"
},
{
"date": "2018-10-30T16:25:10.357000",
"db": "NVD",
"id": "CVE-2000-0884"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200012-156"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft IIS 4.0 / 5.0 vulnerable to directory traversal via extended unicode in url",
"sources": [
{
"db": "CERT/CC",
"id": "VU#111677"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200012-156"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…