Sign-up

ID

VAR-200012-0153


CVE

CVE-2000-0884


TITLE

Microsoft IIS 4.0 / 5.0 vulnerable to directory traversal via extended unicode in url

Trust: 0.8

sources: CERT/CC: VU#111677

DESCRIPTION

IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability. A vulnerability exists in Microsoft IIS 4 and 5 such that an attacker visiting an IIS web site can execute arbitrary code with the privileges of the IUSR_machinename account. This vulnerability is referred to as the "Web Server Folder Directory Traversal" vulnerability. This vulnerability has characteristics similar to vulnerabilities that have been widely exploited in the past. Unless remedial action is taken, we believe it is likely that systems with this vulnerability will be compromised. Microsoft IIS Is "/" When " " For notation UNICODE If an extended expression is used, there is a vulnerability that discloses directory information using relative path notation.Web Files on the same logical drive as the root directory may be altered, executed, or deleted. Microsoft IIS 4.0 and 5.0 are both vulnerable to double dot "../" directory traversal exploitation if extended UNICODE character representations are used in substitution for "/" and "\". Unauthenticated users may access any known file in the context of the IUSR_machinename account. The IUSR_machinename account is a member of the Everyone and Users groups by default, therefore, any file on the same logical drive as any web-accessible file that is accessible to these groups can be deleted, modified, or executed. Successful exploitation would yield the same privileges as a user who could successfully log onto the system to a remote user possessing no credentials whatsoever. (March 18, 2001) This is the vulnerability exploited by the Code Blue Worm. **UPDATE**: It is believed that an aggressive worm may be in the wild that actively exploits this vulnerability

Trust: 2.61

sources: NVD: CVE-2000-0884 // CERT/CC: VU#111677 // JVNDB: JVNDB-2000-000080 // BID: 1806

AFFECTED PRODUCTS

vendor:microsoftmodel:internet information serverscope:eqversion:4.0

Trust: 1.6

vendor:microsoftmodel:internet information servicesscope:eqversion:5.0

Trust: 1.6

vendor:microsoftmodel:iisscope:eqversion:5.0

Trust: 1.1

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 1.1

vendor:microsoftmodel: - scope: - version: -

Trust: 0.8

vendor:microsoftmodel:internet information serverscope:eqversion:5.0

Trust: 0.6

vendor:microsoftmodel:personal web serverscope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:iis alphascope:eqversion:4.0

Trust: 0.3

sources: CERT/CC: VU#111677 // BID: 1806 // JVNDB: JVNDB-2000-000080 // CNNVD: CNNVD-200012-156 // NVD: CVE-2000-0884

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-0884
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#111677
value: 68.40

Trust: 0.8

NVD: CVE-2000-0884
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200012-156
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2000-0884
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: CERT/CC: VU#111677 // JVNDB: JVNDB-2000-000080 // CNNVD: CNNVD-200012-156 // NVD: CVE-2000-0884

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0884

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200012-156

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200012-156

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2000-000080

PATCH
title:MS00-078url:http://www.microsoft.com/technet/security/bulletin/ms00-078.mspx
Trust: 0.8
title:MS00-078url:http://www.microsoft.com/japan/technet/security/Bulletin/ms00-078.mspx
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2000-000080

EXTERNAL IDS
db:BIDid:1806
Trust: 3.5
db:NVDid:CVE-2000-0884
Trust: 2.4
db:OSVDBid:436
Trust: 1.6
db:CERT/CCid:VU#111677
Trust: 0.8
db:JVNDBid:JVNDB-2000-000080
Trust: 0.8
db:MSid:MS00-078
Trust: 0.6
db:XFid:5377
Trust: 0.6
db:OVALid:OVAL:ORG.MITRE.OVAL:DEF:44
Trust: 0.6
db:CNNVDid:CNNVD-200012-156
Trust: 0.6
sources:
            
            
            CERT/CC: VU#111677 // 
            
            
            
            BID: 1806 // 
            
            
            
            JVNDB: JVNDB-2000-000080 // 
            
            
            
            CNNVD: CNNVD-200012-156 // 
            
            
            
            NVD: CVE-2000-0884

REFERENCES
url:http://www.securityfocus.com/bid/1806
Trust: 3.2
url:http://www.osvdb.org/436
Trust: 1.6
url:http://www.microsoft.com/technet/security/bulletin/ms00-078.asp
Trust: 1.4
url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-078
Trust: 1.0
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/5377
Trust: 1.0
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a44
Trust: 1.0
url:http://www.microsoft.com/technet/security/bulletin/ms00-057.asp
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2000-0884
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2000-0884
Trust: 0.8
url:http://xforce.iss.net/static/5377.php
Trust: 0.6
url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:44
Trust: 0.6
url:http://www.f-secure.com/v-descs/codeblue.shtml
Trust: 0.3
url:http://www.microsoft.com/technet/security/bulletin/fq00-078.asp
Trust: 0.3
url:http://www.securityfocus.com/archive/88/213279
Trust: 0.3
url:http://support.coresecurity.com/impact/exploits/378aff922154e6f3b87f6dbf42457338.html
Trust: 0.3
url:http://www.antivirus.com/vinfo/virusencyclo/default5.asp?vname=troj_bluecode.a
Trust: 0.3
sources:
            
            
            CERT/CC: VU#111677 // 
            
            
            
            BID: 1806 // 
            
            
            
            JVNDB: JVNDB-2000-000080 // 
            
            
            
            CNNVD: CNNVD-200012-156 // 
            
            
            
            NVD: CVE-2000-0884

CREDITS
Nsfocus Security Team※ security@nsfocus.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200012-156

SOURCES
db:CERT/CCid:VU#111677
db:BIDid:1806
db:JVNDBid:JVNDB-2000-000080
db:CNNVDid:CNNVD-200012-156
db:NVDid:CVE-2000-0884

LAST UPDATE DATE
2024-08-14T13:40:48.269000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#111677date:2001-09-18T00:00:00
db:BIDid:1806date:2000-10-17T00:00:00
db:JVNDBid:JVNDB-2000-000080date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200012-156date:2005-10-12T00:00:00
db:NVDid:CVE-2000-0884date:2018-10-30T16:25:10.357

SOURCES RELEASE DATE
db:CERT/CCid:VU#111677date:2000-11-20T00:00:00
db:BIDid:1806date:2000-10-17T00:00:00
db:JVNDBid:JVNDB-2000-000080date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200012-156date:2000-10-11T00:00:00
db:NVDid:CVE-2000-0884date:2000-12-19T05:00:00