Details of VAR-200005-0057

ID

VAR-200005-0057

CVE

CVE-2000-0413

TITLE

Microsoft Frontpage Server extension shtml.exe/shtml.dll Absolute path leak vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200005-031

DESCRIPTION

The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path. Passing a path to a non-existent file to the shtml.exe or shtml.dll (depending on platform) program will display an error message stating that the file cannot be found accompanied by the full local path to the web root. For example, performing a request for http://target/_vti_bin/shtml.dll/non_existant_file.html will produce an error message stating "Cannot open "C:\localpath\non_existant_file.html": no such file or folder"

Trust: 1.17

sources: NVD: CVE-2000-0413 // BID: 1174

AFFECTED PRODUCTS

vendor:	microsoft	model:	internet information server	scope:	eq	version:	4.0	Trust: 1.6
vendor:	microsoft	model:	internet information services	scope:	eq	version:	5.0	Trust: 1.6
vendor:	microsoft	model:	frontpage	scope:	eq	version:	*	Trust: 1.0
vendor:	microsoft	model:	frontpage	scope:	-	version:	-	Trust: 0.6
vendor:	microsoft	model:	internet information server	scope:	eq	version:	5.0	Trust: 0.6
vendor:	microsoft	model:	iis	scope:	eq	version:	5.0	Trust: 0.3
vendor:	microsoft	model:	iis	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	frontpage server extensions module for apache	scope:	eq	version:	3.0.4	Trust: 0.3
vendor:	microsoft	model:	frontpage server extensions sr	scope:	eq	version:	20001.0	Trust: 0.3
vendor:	microsoft	model:	frontpage server extensions sr	scope:	ne	version:	20001.2	Trust: 0.3

sources: BID: 1174 // CNNVD: CNNVD-200005-031 // NVD: CVE-2000-0413

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2000-0413
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200005-031
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2000-0413
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-200005-031 // NVD: CVE-2000-0413

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0413

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200005-031

TYPE

Design Error

Trust: 0.9

sources: BID: 1174 // CNNVD: CNNVD-200005-031

EXTERNAL IDS

db:	NVD	id:	CVE-2000-0413	Trust: 1.9
db:	BID	id:	1174	Trust: 1.9
db:	BUGTRAQ	id:	20000506 SHTML.EXE REVEAL LOCAL PATH OF IIS WEB DIRECTORY	Trust: 0.6
db:	NSFOCUS	id:	3378	Trust: 0.6
db:	CNNVD	id:	CNNVD-200005-031	Trust: 0.6

sources: BID: 1174 // CNNVD: CNNVD-200005-031 // NVD: CVE-2000-0413

REFERENCES

url:	http://www.securityfocus.com/bid/1174	Trust: 2.6
url:	http://archives.neohapsis.com/archives/bugtraq/2000-05/0084.html	Trust: 2.6
url:	http://www.nsfocus.net/vulndb/3378	Trust: 0.6

sources: CNNVD: CNNVD-200005-031 // NVD: CVE-2000-0413

CREDITS

Frankie Zie※ root@cnns.net

Trust: 0.6

sources: CNNVD: CNNVD-200005-031

SOURCES

db:	BID	id:	1174
db:	CNNVD	id:	CNNVD-200005-031
db:	NVD	id:	CVE-2000-0413

LAST UPDATE DATE

2024-11-22T23:00:47.089000+00:00

SOURCES UPDATE DATE

db:	BID	id:	1174	date:	2009-07-11T01:56:00
db:	CNNVD	id:	CNNVD-200005-031	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2000-0413	date:	2024-11-20T23:32:26.913

SOURCES RELEASE DATE

db:	BID	id:	1174	date:	2000-05-06T00:00:00
db:	CNNVD	id:	CNNVD-200005-031	date:	2000-05-06T00:00:00
db:	NVD	id:	CVE-2000-0413	date:	2000-05-06T04:00:00