ID

VAR-200003-0023


CVE

CVE-2000-0246


TITLE

Microsoft IIS UNC Mapping virtual host vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200003-052

DESCRIPTION

IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. Files located on the local drive where IIS is installed is not affected by this vulnerability

Trust: 1.17

sources: NVD: CVE-2000-0246 // BID: 1081

AFFECTED PRODUCTS

vendor:microsoftmodel:proxy serverscope:eqversion:2.0

Trust: 1.9

vendor:microsoftmodel:commercial internet systemscope:eqversion:2.5

Trust: 1.9

vendor:microsoftmodel:commercial internet systemscope:eqversion:2.0

Trust: 1.9

vendor:microsoftmodel:site serverscope:eqversion:3.0

Trust: 1.6

vendor:microsoftmodel:internet information serverscope:eqversion:4.0

Trust: 1.6

vendor:microsoftmodel:site server commercescope:eqversion:3.0

Trust: 1.6

vendor:microsoftmodel:internet information servicesscope:eqversion:5.0

Trust: 1.6

vendor:microsoftmodel:internet information serverscope:eqversion:5.0

Trust: 0.6

vendor:microsoftmodel:site server commerce edition i386scope:eqversion:3.0

Trust: 0.3

vendor:microsoftmodel:site server commerce edition alphascope:eqversion:3.0

Trust: 0.3

vendor:microsoftmodel:iisscope:eqversion:5.0

Trust: 0.3

vendor:microsoftmodel:iis alphascope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 0.3

sources: BID: 1081 // CNNVD: CNNVD-200003-052 // NVD: CVE-2000-0246

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-0246
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200003-052
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2000-0246
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

sources: CNNVD: CNNVD-200003-052 // NVD: CVE-2000-0246

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0246

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200003-052

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200003-052

EXTERNAL IDS

db:BIDid:1081

Trust: 1.9

db:NVDid:CVE-2000-0246

Trust: 1.6

db:MSid:MS00-019

Trust: 0.6

db:MSKBid:Q249599

Trust: 0.6

db:CNNVDid:CNNVD-200003-052

Trust: 0.6

sources: BID: 1081 // CNNVD: CNNVD-200003-052 // NVD: CVE-2000-0246

REFERENCES

url:http://www.microsoft.com/technet/support/kb.asp?id=249599

Trust: 2.9

url:http://www.securityfocus.com/bid/1081

Trust: 2.6

url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-019

Trust: 2.0

url:http://www.microsoft.com/technet/security/bulletin/ms00-019.asp

Trust: 0.6

url:http://www.microsoft.com/technet/security/bulletin/fq00-019.asp

Trust: 0.3

sources: BID: 1081 // CNNVD: CNNVD-200003-052 // NVD: CVE-2000-0246

CREDITS

Discovered by Adam Coyne <adam@coyne.nu> and publicized in Microsoft Security Bulletin (MS00-019) on March 30, 2000.

Trust: 0.9

sources: BID: 1081 // CNNVD: CNNVD-200003-052

SOURCES

db:BIDid:1081
db:CNNVDid:CNNVD-200003-052
db:NVDid:CVE-2000-0246

LAST UPDATE DATE

2024-11-22T23:14:58.802000+00:00


SOURCES UPDATE DATE

db:BIDid:1081date:2000-03-30T00:00:00
db:CNNVDid:CNNVD-200003-052date:2006-09-25T00:00:00
db:NVDid:CVE-2000-0246date:2024-11-20T23:32:03.593

SOURCES RELEASE DATE

db:BIDid:1081date:2000-03-30T00:00:00
db:CNNVDid:CNNVD-200003-052date:2000-03-30T00:00:00
db:NVDid:CVE-2000-0246date:2000-03-30T05:00:00