ID

VAR-199901-0163


CVE

CVE-1999-0450


TITLE

Microsoft IIS of ISAPI By extension Web Vulnerability where the root directory path information is leaked

Trust: 0.8

sources: JVNDB: JVNDB-2000-000004

DESCRIPTION

In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe). Microsoft IIS Is ISAPI Mapped to extension by extension idq And .pl Files that do not actually exist GET Upon receiving the request, With error message Web A vulnerability exists that displays the absolute path of the root directory.You may get important information about your system. This can happen if the file is referenced as the target of the GET or passed in a variable to a script that looks for the file. Example: CGI Error The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are: Can't open perl script "C:\InetPub\scripts\ bogus.pl": No such file or directory

Trust: 1.89

sources: NVD: CVE-1999-0450 // JVNDB: JVNDB-2000-000004 // BID: 194

AFFECTED PRODUCTS

vendor:microsoftmodel:internet information serverscope:eqversion:4.0

Trust: 1.6

vendor:microsoftmodel:internet information serverscope:eqversion:3.0

Trust: 1.6

vendor:microsoftmodel:internet information servicesscope:eqversion:5.0

Trust: 1.6

vendor:microsoftmodel:iisscope:eqversion:5.0

Trust: 1.1

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 1.1

vendor:microsoftmodel:iisscope:eqversion:3.0

Trust: 1.1

vendor:microsoftmodel:iisscope:eqversion:2.0

Trust: 1.1

vendor:microsoftmodel:internet information servicesscope:eqversion:2.0

Trust: 1.0

vendor:microsoftmodel:internet information serverscope:eqversion:2.0

Trust: 0.6

vendor:microsoftmodel:internet information serverscope:eqversion:5.0

Trust: 0.6

sources: BID: 194 // JVNDB: JVNDB-2000-000004 // CNNVD: CNNVD-199901-051 // NVD: CVE-1999-0450

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-0450
value: HIGH

Trust: 1.0

NVD: CVE-1999-0450
value: HIGH

Trust: 0.8

CNNVD: CNNVD-199901-051
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-1999-0450
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2000-000004 // CNNVD: CNNVD-199901-051 // NVD: CVE-1999-0450

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-0450

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199901-051

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-199901-051

CONFIGURATIONS

sources: JVNDB: JVNDB-2000-000004

PATCH

title:Top Pageurl:http://www.microsoft.com/ja/jp/default.aspx

Trust: 0.8

sources: JVNDB: JVNDB-2000-000004

EXTERNAL IDS

db:NVDid:CVE-1999-0450

Trust: 2.7

db:BIDid:194

Trust: 2.7

db:JVNDBid:JVNDB-2000-000004

Trust: 0.8

db:CNNVDid:CNNVD-199901-051

Trust: 0.6

sources: BID: 194 // JVNDB: JVNDB-2000-000004 // CNNVD: CNNVD-199901-051 // NVD: CVE-1999-0450

REFERENCES

url:http://www.securityfocus.com/bid/194

Trust: 3.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-1999-0450

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-1999-0450

Trust: 0.8

sources: JVNDB: JVNDB-2000-000004 // CNNVD: CNNVD-199901-051 // NVD: CVE-1999-0450

CREDITS

This vulnerability was first posted to the NTBugtraq mailing list by David Litchfield (Mnemonix).

Trust: 0.9

sources: BID: 194 // CNNVD: CNNVD-199901-051

SOURCES

db:BIDid:194
db:JVNDBid:JVNDB-2000-000004
db:CNNVDid:CNNVD-199901-051
db:NVDid:CVE-1999-0450

LAST UPDATE DATE

2024-11-22T23:10:13.587000+00:00


SOURCES UPDATE DATE

db:BIDid:194date:2009-07-11T00:16:00
db:JVNDBid:JVNDB-2000-000004date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-199901-051date:2020-11-25T00:00:00
db:NVDid:CVE-1999-0450date:2024-11-20T23:28:46.007

SOURCES RELEASE DATE

db:BIDid:194date:1999-01-26T00:00:00
db:JVNDBid:JVNDB-2000-000004date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-199901-051date:1999-01-26T00:00:00
db:NVDid:CVE-1999-0450date:1999-01-26T05:00:00