Details of VAR-199902-0004

ID

VAR-199902-0004

CVE

CVE-1999-1375

TITLE

NT use ASP and FSO Read server file vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-199902-023

DESCRIPTION

FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter. FSO allows calls to be made utilizing "../" to exit the local directory path. An example of this syntax would be: http://www.server.foo/showfile.asp?file=../../global.asa This vulnerability could be used to view the source code of ASP files or stream data into other ASP files on the web server

Trust: 1.17

sources: NVD: CVE-1999-1375 // BID: 230

AFFECTED PRODUCTS

vendor:	microsoft	model:	internet information server	scope:	eq	version:	4.0	Trust: 1.6
vendor:	microsoft	model:	internet information server	scope:	eq	version:	3.0	Trust: 1.6
vendor:	microsoft	model:	iis	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	iis	scope:	eq	version:	3.0	Trust: 0.3

sources: BID: 230 // CNNVD: CNNVD-199902-023 // NVD: CVE-1999-1375

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-1999-1375
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-199902-023
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-1999-1375
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-199902-023 // NVD: CVE-1999-1375

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-1375

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199902-023

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-199902-023

EXTERNAL IDS

db:	NVD	id:	CVE-1999-1375	Trust: 1.9
db:	BID	id:	230	Trust: 1.9
db:	NTBUGTRAQ	id:	19990211 USING FSO IN ASP TO VIEW JUST ABOUT ANYTHING	Trust: 0.6
db:	CNNVD	id:	CNNVD-199902-023	Trust: 0.6

sources: BID: 230 // CNNVD: CNNVD-199902-023 // NVD: CVE-1999-1375

REFERENCES

url:	http://www.securityfocus.com/bid/230	Trust: 1.6
url:	http://marc.info/?l=ntbugtraq&m=91877455626320&w=2	Trust: 1.0
url:	http://marc.theaimsgroup.com/?l=ntbugtraq&m=91877455626320&w=2	Trust: 0.6

sources: CNNVD: CNNVD-199902-023 // NVD: CVE-1999-1375

CREDITS

This vulnerability was posted to NTBugtraq by Gary Geisbert <gary@NEWSLETTERS.COM>.

Trust: 0.9

sources: BID: 230 // CNNVD: CNNVD-199902-023

SOURCES

db:	BID	id:	230
db:	CNNVD	id:	CNNVD-199902-023
db:	NVD	id:	CVE-1999-1375

LAST UPDATE DATE

2024-08-14T14:54:01.617000+00:00

SOURCES UPDATE DATE

db:	BID	id:	230	date:	2009-07-11T00:16:00
db:	CNNVD	id:	CNNVD-199902-023	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-1999-1375	date:	2016-10-18T02:03:44.907

SOURCES RELEASE DATE

db:	BID	id:	230	date:	1999-02-11T00:00:00
db:	CNNVD	id:	CNNVD-199902-023	date:	1999-02-11T00:00:00
db:	NVD	id:	CVE-1999-1375	date:	1999-02-11T05:00:00