ID

VAR-199902-0004


CVE

CVE-1999-1375


TITLE

NT use ASP and FSO Read server file vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-199902-023

DESCRIPTION

FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter. FSO allows calls to be made utilizing "../" to exit the local directory path. An example of this syntax would be: http://www.server.foo/showfile.asp?file=../../global.asa This vulnerability could be used to view the source code of ASP files or stream data into other ASP files on the web server

Trust: 1.17

sources: NVD: CVE-1999-1375 // BID: 230

AFFECTED PRODUCTS

vendor:microsoftmodel:internet information serverscope:eqversion:4.0

Trust: 1.6

vendor:microsoftmodel:internet information serverscope:eqversion:3.0

Trust: 1.6

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:iisscope:eqversion:3.0

Trust: 0.3

sources: BID: 230 // CNNVD: CNNVD-199902-023 // NVD: CVE-1999-1375

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-1375
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-199902-023
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-1999-1375
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

sources: CNNVD: CNNVD-199902-023 // NVD: CVE-1999-1375

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-1375

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199902-023

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-199902-023

EXTERNAL IDS

db:NVDid:CVE-1999-1375

Trust: 1.9

db:BIDid:230

Trust: 1.9

db:NTBUGTRAQid:19990211 USING FSO IN ASP TO VIEW JUST ABOUT ANYTHING

Trust: 0.6

db:CNNVDid:CNNVD-199902-023

Trust: 0.6

sources: BID: 230 // CNNVD: CNNVD-199902-023 // NVD: CVE-1999-1375

REFERENCES

url:http://www.securityfocus.com/bid/230

Trust: 2.6

url:http://marc.info/?l=ntbugtraq&m=91877455626320&w=2

Trust: 2.0

url:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91877455626320&w=2

Trust: 0.6

sources: CNNVD: CNNVD-199902-023 // NVD: CVE-1999-1375

CREDITS

This vulnerability was posted to NTBugtraq by Gary Geisbert <gary@NEWSLETTERS.COM>.

Trust: 0.9

sources: BID: 230 // CNNVD: CNNVD-199902-023

SOURCES

db:BIDid:230
db:CNNVDid:CNNVD-199902-023
db:NVDid:CVE-1999-1375

LAST UPDATE DATE

2024-11-22T23:00:12.251000+00:00


SOURCES UPDATE DATE

db:BIDid:230date:2009-07-11T00:16:00
db:CNNVDid:CNNVD-199902-023date:2005-10-20T00:00:00
db:NVDid:CVE-1999-1375date:2024-11-20T23:30:57.880

SOURCES RELEASE DATE

db:BIDid:230date:1999-02-11T00:00:00
db:CNNVDid:CNNVD-199902-023date:1999-02-11T00:00:00
db:NVDid:CVE-1999-1375date:1999-02-11T05:00:00