ID

VAR-199905-0028


CVE

CVE-1999-0736


TITLE

Vulnerability in showcode.asp in Microsoft IIS that allows arbitrary files to be viewed

Trust: 0.8

sources: JVNDB: JVNDB-1999-000009

DESCRIPTION

The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. showcode.asp in Microsoft IIS contains a vulnerability that allows arbitrary files to be viewed by specifying a relative path in the "source" parameter passed to it. As a result, important information such as ASP source code and system details may be obtained.

IIS 4.0 installs a number of sample ASP scripts, including one called "showcode.asp". This script allows clients to view the source of other sample scripts via a browser. The "showcode.asp" script does not perform sufficient checks and allows files outside the sample directory to be requested. In particular, it does not check for ".." in the path of the requested file. The script takes one parameter, "source", which is the file to view. The script's default location URL is: http://www.sitename.com/msadc/Samples/SELECTOR/showcode.asp

Similar vulnerabilities have been noted in ViewCode.asp, CodeBrws.asp and Winmsdp.exe.

Trust: 1.89

sources: NVD: CVE-1999-0736 // JVNDB: JVNDB-1999-000009 // BID: 167

AFFECTED PRODUCTS

vendor: microsoft, model: internet information server, scope: eq, version: 4.0

Trust: 1.6

vendor: microsoft, model: iis, scope: eq, version: 4.0

Trust: 1.1

vendor: microsoft, model: site server commerce edition sp2 i386, scope: eq, version: 3.0

Trust: 0.3

vendor: microsoft, model: site server commerce edition sp2 alpha, scope: eq, version: 3.0

Trust: 0.3

vendor: microsoft, model: site server commerce edition sp1 i386, scope: eq, version: 3.0

Trust: 0.3

vendor: microsoft, model: site server commerce edition sp1 alpha, scope: eq, version: 3.0

Trust: 0.3

vendor: microsoft, model: site server commerce edition i386, scope: eq, version: 3.0

Trust: 0.3

vendor: microsoft, model: site server commerce edition alpha, scope: eq, version: 3.0

Trust: 0.3

vendor: microsoft, model: site server sp2 i386, scope: eq, version: 3.0

Trust: 0.3

vendor: microsoft, model: site server sp2 alpha, scope: eq, version: 3.0

Trust: 0.3

vendor: microsoft, model: site server sp1 i386, scope: eq, version: 3.0

Trust: 0.3

vendor: microsoft, model: site server sp1 alpha, scope: eq, version: 3.0

Trust: 0.3

vendor: microsoft, model: site server i386, scope: eq, version: 3.0

Trust: 0.3

vendor: microsoft, model: site server alpha, scope: eq, version: 3.0

Trust: 0.3

vendor: microsoft, model: iis alpha, scope: eq, version: 4.0

Trust: 0.3

vendor: microsoft, model: site server commerce edition sp4 i386, scope: ne, version: 3.0

Trust: 0.3

vendor: microsoft, model: site server commerce edition sp4 alpha, scope: ne, version: 3.0

Trust: 0.3

vendor: microsoft, model: site server commerce edition sp3 i386, scope: ne, version: 3.0

Trust: 0.3

vendor: microsoft, model: site server commerce edition sp3 alpha, scope: ne, version: 3.0

Trust: 0.3

vendor: microsoft, model: site server sp4 i386, scope: ne, version: 3.0

Trust: 0.3

vendor: microsoft, model: site server sp4 alpha, scope: ne, version: 3.0

Trust: 0.3

vendor: microsoft, model: site server sp3 i386, scope: ne, version: 3.0

Trust: 0.3

vendor: microsoft, model: site server sp3 alpha, scope: ne, version: 3.0

Trust: 0.3

sources: BID: 167 // JVNDB: JVNDB-1999-000009 // CNNVD: CNNVD-199905-018 // NVD: CVE-1999-0736

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-0736
value: MEDIUM

Trust: 1.0

NVD: CVE-1999-0736
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-199905-018
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-1999-0736
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-1999-000009 // CNNVD: CNNVD-199905-018 // NVD: CVE-1999-0736

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-0736

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199905-018

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-199905-018

CONFIGURATIONS

sources: JVNDB: JVNDB-1999-000009

PATCH

title: MS99-013, url: http://www.microsoft.com/technet/security/bulletin/MS99-013.mspx

Trust: 0.8

sources: JVNDB: JVNDB-1999-000009

EXTERNAL IDS

db: NVD, id: CVE-1999-0736

Trust: 2.7

db: BID, id: 167

Trust: 1.1

db: JVNDB, id: JVNDB-1999-000009

Trust: 0.8

db: MS, id: MS99-013

Trust: 0.6

db: OVAL, id: OVAL:ORG.MITRE.OVAL:DEF:932

Trust: 0.6

db: NSFOCUS, id: 3400

Trust: 0.6

db: CNNVD, id: CNNVD-199905-018

Trust: 0.6

Trust: 0.6

sources: BID: 167 // JVNDB: JVNDB-1999-000009 // CNNVD: CNNVD-199905-018 // NVD: CVE-1999-0736

REFERENCES

url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-013

Trust: 1.0

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a932

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-1999-0736

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-1999-0736

Trust: 0.8

url:http://www.securityfocus.com/bid/167

Trust: 0.8

url:http://www.microsoft.com/technet/security/bulletin/ms99-013.asp

Trust: 0.6

url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:932

Trust: 0.6

url:http://www.nsfocus.net/vulndb/3400

Trust: 0.6

url:http://support.microsoft.com/support/kb/articles/q231/3/68.asp

Trust: 0.3

url:http://support.microsoft.com/support/kb/articles/q231/6/56.asp

Trust: 0.3

url:http://www.ntsecurity.net/scripts/loader.asp?id=/security/siteserver-1.htm

Trust: 0.3

sources: BID: 167 // JVNDB: JVNDB-1999-000009 // CNNVD: CNNVD-199905-018 // NVD: CVE-1999-0736

CREDITS

Parcens

Trust: 0.6

sources: CNNVD: CNNVD-199905-018

SOURCES

db: BID, id: 167
db: JVNDB, id: JVNDB-1999-000009
db: CNNVD, id: CNNVD-199905-018
db: NVD, id: CVE-1999-0736

LAST UPDATE DATE

2024-08-14T14:01:04.933000+00:00


SOURCES UPDATE DATE

db: BID, id: 167, date: 2009-07-11T00:16:00
db: JVNDB, id: JVNDB-1999-000009, date: 2007-04-01T00:00:00
db: CNNVD, id: CNNVD-199905-018, date: 2012-05-07T00:00:00
db: NVD, id: CVE-1999-0736, date: 2018-10-12T21:29:11.077

SOURCES RELEASE DATE

db: BID, id: 167, date: 1999-05-07T00:00:00
db: JVNDB, id: JVNDB-1999-000009, date: 2007-04-01T00:00:00
db: CNNVD, id: CNNVD-199905-018, date: 1999-05-07T00:00:00
db: NVD, id: CVE-1999-0736, date: 1999-05-07T04:00:00