ID

VAR-199902-0053


CVE

CVE-1999-0412


TITLE

Microsoft internet information server Security hole

Trust: 0.6

sources: CNNVD: CNNVD-199902-043

DESCRIPTION

In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. This works because of the way the server calls the GetExtensionVersion() function the first time an ISAPI extension is loaded. Any user able to put a CGI script in the web structure can insert code that will be run as SYSTEM during this window

Trust: 1.17

sources: NVD: CVE-1999-0412 // BID: 501

AFFECTED PRODUCTS

vendor:microsoftmodel:internet information serverscope:eqversion:3.0

Trust: 1.6

vendor:microsoftmodel:internet information serverscope:eqversion:4.0

Trust: 1.6

vendor:microsoftmodel:internet information servicesscope:eqversion:2.0

Trust: 1.0

vendor:microsoftmodel:internet information serverscope:eqversion:2.0

Trust: 0.6

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:iisscope:eqversion:3.0

Trust: 0.3

vendor:microsoftmodel:iisscope:eqversion:2.0

Trust: 0.3

sources: BID: 501 // CNNVD: CNNVD-199902-043 // NVD: CVE-1999-0412

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-0412
value: HIGH

Trust: 1.0

CNNVD: CNNVD-199902-043
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-1999-0412
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

sources: CNNVD: CNNVD-199902-043 // NVD: CVE-1999-0412

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-0412

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199902-043

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-199902-043

EXTERNAL IDS

db:BIDid:501

Trust: 1.9

db:NVDid:CVE-1999-0412

Trust: 1.6

db:CNNVDid:CNNVD-199902-043

Trust: 0.6

sources: BID: 501 // CNNVD: CNNVD-199902-043 // NVD: CVE-1999-0412

REFERENCES

url:http://www.securityfocus.com/bid/501

Trust: 2.6

sources: CNNVD: CNNVD-199902-043 // NVD: CVE-1999-0412

CREDITS

First posted to NTbugtraq on March 8, 1999 by Fabien Royer <fabienr@BELLATLANTIC.NET>.

Trust: 0.9

sources: BID: 501 // CNNVD: CNNVD-199902-043

SOURCES

db:BIDid:501
db:CNNVDid:CNNVD-199902-043
db:NVDid:CVE-1999-0412

LAST UPDATE DATE

2024-11-22T22:54:55.623000+00:00


SOURCES UPDATE DATE

db:BIDid:501date:1999-03-08T00:00:00
db:CNNVDid:CNNVD-199902-043date:2020-11-24T00:00:00
db:NVDid:CVE-1999-0412date:2024-11-20T23:28:40.710

SOURCES RELEASE DATE

db:BIDid:501date:1999-03-08T00:00:00
db:CNNVDid:CNNVD-199902-043date:1999-02-19T00:00:00
db:NVDid:CVE-1999-0412date:1999-02-19T05:00:00