Details of VAR-199902-0053

ID

VAR-199902-0053

CVE

CVE-1999-0412

TITLE

Microsoft internet information server Security hole

Trust: 0.6

sources: CNNVD: CNNVD-199902-043

DESCRIPTION

In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. This works because of the way the server calls the GetExtensionVersion() function the first time an ISAPI extension is loaded. Any user able to put a CGI script in the web structure can insert code that will be run as SYSTEM during this window

Trust: 1.17

sources: NVD: CVE-1999-0412 // BID: 501

AFFECTED PRODUCTS

vendor:	microsoft	model:	internet information server	scope:	eq	version:	3.0	Trust: 1.6
vendor:	microsoft	model:	internet information server	scope:	eq	version:	4.0	Trust: 1.6
vendor:	microsoft	model:	internet information services	scope:	eq	version:	2.0	Trust: 1.0
vendor:	microsoft	model:	internet information server	scope:	eq	version:	2.0	Trust: 0.6
vendor:	microsoft	model:	iis	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	iis	scope:	eq	version:	3.0	Trust: 0.3
vendor:	microsoft	model:	iis	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 501 // CNNVD: CNNVD-199902-043 // NVD: CVE-1999-0412

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-1999-0412
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-199902-043
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-1999-0412
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-199902-043 // NVD: CVE-1999-0412

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-0412

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199902-043

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-199902-043

EXTERNAL IDS

db:	BID	id:	501	Trust: 1.9
db:	NVD	id:	CVE-1999-0412	Trust: 1.6
db:	CNNVD	id:	CNNVD-199902-043	Trust: 0.6

sources: BID: 501 // CNNVD: CNNVD-199902-043 // NVD: CVE-1999-0412

REFERENCES

url:

http://www.securityfocus.com/bid/501

Trust: 1.6

sources: CNNVD: CNNVD-199902-043 // NVD: CVE-1999-0412

CREDITS

First posted to NTbugtraq on March 8, 1999 by Fabien Royer <fabienr@BELLATLANTIC.NET>.

Trust: 0.9

sources: BID: 501 // CNNVD: CNNVD-199902-043

SOURCES

db:	BID	id:	501
db:	CNNVD	id:	CNNVD-199902-043
db:	NVD	id:	CVE-1999-0412

LAST UPDATE DATE

2024-08-14T15:36:17.054000+00:00

SOURCES UPDATE DATE

db:	BID	id:	501	date:	1999-03-08T00:00:00
db:	CNNVD	id:	CNNVD-199902-043	date:	2020-11-24T00:00:00
db:	NVD	id:	CVE-1999-0412	date:	2020-11-23T19:49:23.783

SOURCES RELEASE DATE

db:	BID	id:	501	date:	1999-03-08T00:00:00
db:	CNNVD	id:	CNNVD-199902-043	date:	1999-02-19T00:00:00
db:	NVD	id:	CVE-1999-0412	date:	1999-02-19T05:00:00