var-200212-0417
Vulnerability from variot
Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via a GET request to (1) /_vti_pvt/access.cnf, (2) /_vti_pvt/botinfs.cnf, (3) /_vti_pvt/bots.cnf, or (4) /_vti_pvt/linkinfo.cnf. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ Windows XP Shipped with by default Microsoft IIS 5.1 Has a problem that exposes detailed system information. IIS 5.1 Created by default installation of _vti_pvt Folder FrontPage Necessary when using. here Server Extensions There are various useful information, such as information such as page updates. this _vti_pvt The following in the folder .cnf File to remote attacker GET By sending a request, Web By revealing the structure and ownership of the site, the absolute path to each file, etc., there is a possibility that useful information will be taken for attackers who are conducting preliminary investigations on the host. < GET Files that disclose system information upon request> ・ ・ access.cnf ・ ・ botinfs.cnf ・ ・ bots.cnf ・ ・ linkinfo.cnf Also, as below /iishelp/common/colegal.htm about GET Sending a request could allow a remote attacker to access other files. GET /iishelp/common/colegal.htm:../../../../../_vti_bin/_vti_adm/admin.dll According to a further report, in order for this issue to be established, _vti_pvt The setting must allow read permission for the folder. Allegedly, submitting a request for one of the vulnerable files by way of '/_vti_pvt/', will cause the host to reveal system path information. The reported problematic files are 'access.cnf', 'botinfs.cnf', 'bots.cnf' and 'linkinfo.cnf'. Microsoft has not confirmed the existence of these vulnerabilities. * Confliciting details exist. This issue may be the result of a configuration error, although this has not been confirmed
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200212-0417",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iis",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "5.1"
},
{
"model": "internet information services",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.1"
},
{
"model": "internet information server",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "5.1"
}
],
"sources": [
{
"db": "BID",
"id": "4078"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000027"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-797"
},
{
"db": "NVD",
"id": "CVE-2002-1717"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:iis",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000027"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Adonis.No.Spam \u003cadonis1@videotron.ca\u003e.",
"sources": [
{
"db": "BID",
"id": "4078"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-797"
}
],
"trust": 0.9
},
"cve": "CVE-2002-1717",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2002-1717",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-1717",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2002-1717",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200212-797",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000027"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-797"
},
{
"db": "NVD",
"id": "CVE-2002-1717"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via a GET request to (1) /_vti_pvt/access.cnf, (2) /_vti_pvt/botinfs.cnf, (3) /_vti_pvt/bots.cnf, or (4) /_vti_pvt/linkinfo.cnf. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ Windows XP Shipped with by default Microsoft IIS 5.1 Has a problem that exposes detailed system information. IIS 5.1 Created by default installation of _vti_pvt Folder FrontPage Necessary when using. here Server Extensions There are various useful information, such as information such as page updates. this _vti_pvt The following in the folder .cnf File to remote attacker GET By sending a request, Web By revealing the structure and ownership of the site, the absolute path to each file, etc., there is a possibility that useful information will be taken for attackers who are conducting preliminary investigations on the host. \u003c GET Files that disclose system information upon request\u003e \u30fb \u30fb access.cnf \u30fb \u30fb botinfs.cnf \u30fb \u30fb bots.cnf \u30fb \u30fb linkinfo.cnf Also, as below /iishelp/common/colegal.htm about GET Sending a request could allow a remote attacker to access other files. GET /iishelp/common/colegal.htm:../../../../../_vti_bin/_vti_adm/admin.dll According to a further report, in order for this issue to be established, _vti_pvt The setting must allow read permission for the folder. \nAllegedly, submitting a request for one of the vulnerable files by way of \u0027/_vti_pvt/\u0027, will cause the host to reveal system path information. The reported problematic files are \u0027access.cnf\u0027, \u0027botinfs.cnf\u0027, \u0027bots.cnf\u0027 and \u0027linkinfo.cnf\u0027. \nMicrosoft has not confirmed the existence of these vulnerabilities. \n* Confliciting details exist. This issue may be the result of a configuration error, although this has not been confirmed",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1717"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000027"
},
{
"db": "BID",
"id": "4078"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "4078",
"trust": 2.7
},
{
"db": "NVD",
"id": "CVE-2002-1717",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000027",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200212-797",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "4078"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000027"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-797"
},
{
"db": "NVD",
"id": "CVE-2002-1717"
}
]
},
"id": "VAR-200212-0417",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-11-22T23:10:06.129000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.microsoft.com/ja/jp/default.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000027"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1717"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.securityfocus.com/bid/4078"
},
{
"trust": 2.6,
"url": "http://online.securityfocus.com/archive/1/255555"
},
{
"trust": 2.6,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8174"
},
{
"trust": 2.6,
"url": "http://online.securityfocus.com/archive/1/256125"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-1717"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-1717"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000027"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-797"
},
{
"db": "NVD",
"id": "CVE-2002-1717"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "4078"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000027"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-797"
},
{
"db": "NVD",
"id": "CVE-2002-1717"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-02-11T00:00:00",
"db": "BID",
"id": "4078"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000027"
},
{
"date": "2002-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-797"
},
{
"date": "2002-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2002-1717"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-02-11T00:00:00",
"db": "BID",
"id": "4078"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000027"
},
{
"date": "2020-12-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-797"
},
{
"date": "2024-11-20T23:41:57.063000",
"db": "NVD",
"id": "CVE-2002-1717"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-797"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft IIS System information disclosure vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000027"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-797"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…