Details of VAR-200003-0023

ID

VAR-200003-0023

CVE

CVE-2000-0246

TITLE

Microsoft IIS UNC Mapping virtual host vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200003-052

DESCRIPTION

IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. Files located on the local drive where IIS is installed is not affected by this vulnerability

Trust: 1.17

sources: NVD: CVE-2000-0246 // BID: 1081

AFFECTED PRODUCTS

vendor:	microsoft	model:	proxy server	scope:	eq	version:	2.0	Trust: 1.9
vendor:	microsoft	model:	commercial internet system	scope:	eq	version:	2.5	Trust: 1.9
vendor:	microsoft	model:	commercial internet system	scope:	eq	version:	2.0	Trust: 1.9
vendor:	microsoft	model:	site server	scope:	eq	version:	3.0	Trust: 1.6
vendor:	microsoft	model:	internet information server	scope:	eq	version:	4.0	Trust: 1.6
vendor:	microsoft	model:	site server commerce	scope:	eq	version:	3.0	Trust: 1.6
vendor:	microsoft	model:	internet information services	scope:	eq	version:	5.0	Trust: 1.6
vendor:	microsoft	model:	internet information server	scope:	eq	version:	5.0	Trust: 0.6
vendor:	microsoft	model:	site server commerce edition i386	scope:	eq	version:	3.0	Trust: 0.3
vendor:	microsoft	model:	site server commerce edition alpha	scope:	eq	version:	3.0	Trust: 0.3
vendor:	microsoft	model:	iis	scope:	eq	version:	5.0	Trust: 0.3
vendor:	microsoft	model:	iis alpha	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	iis	scope:	eq	version:	4.0	Trust: 0.3

sources: BID: 1081 // CNNVD: CNNVD-200003-052 // NVD: CVE-2000-0246

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2000-0246
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200003-052
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2000-0246
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-200003-052 // NVD: CVE-2000-0246

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0246

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200003-052

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200003-052

EXTERNAL IDS

db:	BID	id:	1081	Trust: 1.9
db:	NVD	id:	CVE-2000-0246	Trust: 1.6
db:	MS	id:	MS00-019	Trust: 0.6
db:	MSKB	id:	Q249599	Trust: 0.6
db:	CNNVD	id:	CNNVD-200003-052	Trust: 0.6

sources: BID: 1081 // CNNVD: CNNVD-200003-052 // NVD: CVE-2000-0246

REFERENCES

url:	http://www.microsoft.com/technet/support/kb.asp?id=249599	Trust: 1.9
url:	http://www.securityfocus.com/bid/1081	Trust: 1.6
url:	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-019	Trust: 1.0
url:	http://www.microsoft.com/technet/security/bulletin/ms00-019.asp	Trust: 0.6
url:	http://www.microsoft.com/technet/security/bulletin/fq00-019.asp	Trust: 0.3

sources: BID: 1081 // CNNVD: CNNVD-200003-052 // NVD: CVE-2000-0246

CREDITS

Discovered by Adam Coyne <adam@coyne.nu> and publicized in Microsoft Security Bulletin (MS00-019) on March 30, 2000.

Trust: 0.9

sources: BID: 1081 // CNNVD: CNNVD-200003-052

SOURCES

db:	BID	id:	1081
db:	CNNVD	id:	CNNVD-200003-052
db:	NVD	id:	CVE-2000-0246

LAST UPDATE DATE

2024-08-14T14:48:21.564000+00:00

SOURCES UPDATE DATE

db:	BID	id:	1081	date:	2000-03-30T00:00:00
db:	CNNVD	id:	CNNVD-200003-052	date:	2006-09-25T00:00:00
db:	NVD	id:	CVE-2000-0246	date:	2018-10-30T16:25:10.357

SOURCES RELEASE DATE

db:	BID	id:	1081	date:	2000-03-30T00:00:00
db:	CNNVD	id:	CNNVD-200003-052	date:	2000-03-30T00:00:00
db:	NVD	id:	CVE-2000-0246	date:	2000-03-30T05:00:00