Details of VAR-200006-0151

ID

VAR-200006-0151

CVE

CVE-2000-0778

TITLE

Microsoft IIS Vulnerabilities in source file information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2000-000057

DESCRIPTION

IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability. Microsoft IIS Is "Translate: f" Header added HTTP GET When a request is received, a flaw exists that locates the correct file but does not recognize it as a file that needs to be processed by the script engine and sends that file to the browser..ASP And .ASA And .HTR You may be able to view source files that have a normal extension that cannot be viewed. Many webservers are case-sensitive, but do not have all possible combinations of cases in mapped extensions mapped properly. By changing the letters in a JSP or a JHTML file extension from lower case to upper case (eg: .jsp or .jhtml becomes .JSP or .JHTML) in a URL the server does not recognize the file extension and sends the file normally. In that manner, a user is able to access the source code to those specific files. Microsoft IIS 5.0 has a dedicated scripting engine for advanced file types such as ASP, ASA, HTR, etc. files. The scripting engines handle requests for these file types, processes them accordingly, and then executes them on the server. # Title: Cisco Collaboration Server 5 XSS, Source Code Disclosure # Author: s4squatch # Published: 2010-02-11 Cisco Collaboration Server 5 XSS, Source Code Disclosure Discovered by: s4squatch of SecureState R&D Team (www.securestate.com Discovered: 08/26/2008 Note: End of Engineering --> http://www.cisco.com/en/US/products/sw/custcosw/ps747/prod_eol_notice09186a008032d4d0.html Replaced with: http://www.cisco.com/en/US/products/ps7233/index.html and http://www.cisco.com/en/US/products/ps7236/index.html XSS === http://www.website.com/webline/html/admin/wcs/LoginPage.jhtml?oper=&dest="> Java Servlet Source Code Disclosure =================================== The source code of .jhtml files is revealed to the end user by requesting any of the following: Normal File: file.html Modified 1: file%2Ejhtml Modified 2: file.jhtm%6C Modified 3: file.jhtml%00 Modified 4: file.jhtml%c0%80 Cisco Collaboration Server 5 Paths It Works On (list may not be complete) ========================================================================= http://www.website.com/doc/docindex.jhtml http://www.website.com/browserId/wizardForm.jhtml http://www.website.com/webline/html/forms/callback.jhtml http://www.website.com/webline/html/forms/callbackICM.jhtml http://www.website.com/webline/html/agent/AgentFrame.jhtml http://www.website.com/webline/html/agent/default/badlogin.jhtml http://www.website.com/callme/callForm.jhtml http://www.website.com/webline/html/multichatui/nowDefunctWindow.jhtml http://www.website.com/browserId/wizard.jhtml http://www.website.com/admin/CiscoAdmin.jhtml http://www.website.com/msccallme/mscCallForm.jhtml http://www.website.com/webline/html/admin/wcs/LoginPage.jhtml Related Public Info =================== http://www.securityfocus.com/bid/3592/info http://www.securityfocus.com/bid/1578/info http://www.securityfocus.com/bid/1328/info Scott White<mailto:swhite@securestate.com> | Senior Consultant | SecureState 623.321.2660 - office | 480.440.7595 - mobile | 216.927.2801 - fax [cid:image001.png@01CAAB16.BDE852B0]<https://www.securestate.com/>

Trust: 2.25

sources: NVD: CVE-2000-0778 // JVNDB: JVNDB-2000-000057 // BID: 1328 // BID: 1578 // PACKETSTORM: 86199

AFFECTED PRODUCTS

vendor:	microsoft	model:	internet information services	scope:	eq	version:	5.0	Trust: 1.6
vendor:	microsoft	model:	iis	scope:	eq	version:	5.0	Trust: 1.1
vendor:	microsoft	model:	internet information server	scope:	eq	version:	5.0	Trust: 0.6
vendor:	unify	model:	ewave servletexec	scope:	eq	version:	3.0	Trust: 0.3
vendor:	ibm	model:	websphere application server	scope:	eq	version:	3.0.2.1	Trust: 0.3
vendor:	bea	model:	systems weblogic server	scope:	eq	version:	4.5.1	Trust: 0.3
vendor:	bea	model:	systems weblogic	scope:	eq	version:	4.0.4	Trust: 0.3
vendor:	bea	model:	systems weblogic	scope:	eq	version:	3.1.8	Trust: 0.3
vendor:	unify	model:	ewave servletexec c	scope:	ne	version:	3.0	Trust: 0.3
vendor:	microsoft	model:	iis	scope:	ne	version:	4.0	Trust: 0.3

sources: BID: 1328 // BID: 1578 // JVNDB: JVNDB-2000-000057 // CNNVD: CNNVD-200010-019 // NVD: CVE-2000-0778

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2000-0778
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2000-0778
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200010-019
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2000-0778
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2000-000057 // CNNVD: CNNVD-200010-019 // NVD: CVE-2000-0778

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0778

THREAT TYPE

network

Trust: 0.6

sources: BID: 1328 // BID: 1578

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200010-019

CONFIGURATIONS

sources: JVNDB: JVNDB-2000-000057

PATCH

title:	MS00-058	url:	http://www.microsoft.com/technet/security/bulletin/ms00-058.asp	Trust: 0.8
title:	MS00-058	url:	http://www.microsoft.com/japan/technet/security/Bulletin/ms00-058.mspx	Trust: 0.8

sources: JVNDB: JVNDB-2000-000057

EXTERNAL IDS

db:	BID	id:	1578	Trust: 2.8
db:	NVD	id:	CVE-2000-0778	Trust: 2.4
db:	JVNDB	id:	JVNDB-2000-000057	Trust: 0.8
db:	NSFOCUS	id:	752	Trust: 0.6
db:	MS	id:	MS00-058	Trust: 0.6
db:	OVAL	id:	OVAL:ORG.MITRE.OVAL:DEF:927	Trust: 0.6
db:	NTBUGTRAQ	id:	20000816 TRANSLATE: F	Trust: 0.6
db:	BUGTRAQ	id:	20000815 TRANSLATE:F SUMMARY, HISTORY AND THOUGHTS	Trust: 0.6
db:	CNNVD	id:	CNNVD-200010-019	Trust: 0.6
db:	BID	id:	1328	Trust: 0.4
db:	BID	id:	3592	Trust: 0.1
db:	PACKETSTORM	id:	86199	Trust: 0.1

sources: BID: 1328 // BID: 1578 // JVNDB: JVNDB-2000-000057 // PACKETSTORM: 86199 // CNNVD: CNNVD-200010-019 // NVD: CVE-2000-0778

REFERENCES

url:	http://www.securityfocus.com/bid/1578	Trust: 2.4
url:	http://www.ntbugtraq.com/default.asp?pid=36&sid=1&a2=ind0008&l=ntbugtraq&f=&s=&p=5212	Trust: 1.6
url:	http://www.securityfocus.com/templates/archive.pike?list=1&msg=080d5336d882d211b56b0060080f2cd696a7c9%40beta.mia.cz	Trust: 1.0
url:	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-058	Trust: 1.0
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a927	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2000-0778	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2000-0778	Trust: 0.8
url:	http://www.securityfocus.com/templates/archive.pike?list=1&msg=080d5336d882d211b56b0060080f2cd696a7c9@beta.mia.cz	Trust: 0.6
url:	http://www.microsoft.com/technet/security/bulletin/ms00-058.asp	Trust: 0.6
url:	http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:927	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/752	Trust: 0.6
url:	http://www.servletexec.com/	Trust: 0.3
url:	http://www.beasys.com/products/weblogic/index.html	Trust: 0.3
url:	http://www-4.ibm.com/software/webservers/appserv/efix.html	Trust: 0.3
url:	http://www.microsoft.com/technet/security/bulletin/fq00-058.asp	Trust: 0.3
url:	http://www.website.com/doc/docindex.jhtml	Trust: 0.1
url:	http://www.website.com/webline/html/admin/wcs/loginpage.jhtml	Trust: 0.1
url:	http://www.website.com/callme/callform.jhtml	Trust: 0.1
url:	http://www.securityfocus.com/bid/1578/info	Trust: 0.1
url:	http://www.cisco.com/en/us/products/ps7233/index.html	Trust: 0.1
url:	http://www.website.com/webline/html/forms/callback.jhtml	Trust: 0.1
url:	http://www.website.com/browserid/wizard.jhtml	Trust: 0.1
url:	http://www.website.com/webline/html/agent/default/badlogin.jhtml	Trust: 0.1
url:	http://www.securityfocus.com/bid/1328/info	Trust: 0.1
url:	http://www.website.com/webline/html/forms/callbackicm.jhtml	Trust: 0.1
url:	http://www.website.com/msccallme/msccallform.jhtml	Trust: 0.1
url:	http://www.website.com/browserid/wizardform.jhtml	Trust: 0.1
url:	http://www.website.com/webline/html/admin/wcs/loginpage.jhtml?oper=&dest=">	Trust: 0.1
url:	http://www.website.com/webline/html/multichatui/nowdefunctwindow.jhtml	Trust: 0.1
url:	http://www.cisco.com/en/us/products/ps7236/index.html	Trust: 0.1
url:	http://www.securityfocus.com/bid/3592/info	Trust: 0.1
url:	https://www.securestate.com/>	Trust: 0.1
url:	http://www.website.com/webline/html/agent/agentframe.jhtml	Trust: 0.1
url:	http://www.website.com/admin/ciscoadmin.jhtml	Trust: 0.1
url:	http://www.cisco.com/en/us/products/sw/custcosw/ps747/prod_eol_notice09186a008032d4d0.html	Trust: 0.1

sources: BID: 1328 // BID: 1578 // JVNDB: JVNDB-2000-000057 // PACKETSTORM: 86199 // CNNVD: CNNVD-200010-019 // NVD: CVE-2000-0778

CREDITS

Daniel Docekal※ ddoc@MIA.CZ

Trust: 0.6

sources: CNNVD: CNNVD-200010-019

SOURCES

db:	BID	id:	1328
db:	BID	id:	1578
db:	JVNDB	id:	JVNDB-2000-000057
db:	PACKETSTORM	id:	86199
db:	CNNVD	id:	CNNVD-200010-019
db:	NVD	id:	CVE-2000-0778

LAST UPDATE DATE

2024-08-14T14:16:23.993000+00:00

SOURCES UPDATE DATE

db:	BID	id:	1328	date:	2000-06-08T00:00:00
db:	BID	id:	1578	date:	2000-08-14T00:00:00
db:	JVNDB	id:	JVNDB-2000-000057	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200010-019	date:	2005-10-12T00:00:00
db:	NVD	id:	CVE-2000-0778	date:	2023-11-07T01:55:24.597

SOURCES RELEASE DATE

db:	BID	id:	1328	date:	2000-06-08T00:00:00
db:	BID	id:	1578	date:	2000-08-14T00:00:00
db:	JVNDB	id:	JVNDB-2000-000057	date:	2007-04-01T00:00:00
db:	PACKETSTORM	id:	86199	date:	2010-02-12T06:51:39
db:	CNNVD	id:	CNNVD-200010-019	date:	2000-08-14T00:00:00
db:	NVD	id:	CVE-2000-0778	date:	2000-10-20T04:00:00