ID

VAR-200012-0153


CVE

CVE-2000-0884


TITLE

Microsoft IIS 4.0 / 5.0 vulnerable to directory traversal via extended unicode in url

Trust: 0.8

sources: CERT/CC: VU#111677

DESCRIPTION

IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability. A vulnerability exists in Microsoft IIS 4 and 5 such that an attacker visiting an IIS web site can execute arbitrary code with the privileges of the IUSR_machinename account. This vulnerability is referred to as the "Web Server Folder Directory Traversal" vulnerability. This vulnerability has characteristics similar to vulnerabilities that have been widely exploited in the past. Unless remedial action is taken, we believe it is likely that systems with this vulnerability will be compromised. Microsoft IIS Is "/" When " " For notation UNICODE If an extended expression is used, there is a vulnerability that discloses directory information using relative path notation.Web Files on the same logical drive as the root directory may be altered, executed, or deleted. Microsoft IIS 4.0 and 5.0 are both vulnerable to double dot "../" directory traversal exploitation if extended UNICODE character representations are used in substitution for "/" and "\". Unauthenticated users may access any known file in the context of the IUSR_machinename account. The IUSR_machinename account is a member of the Everyone and Users groups by default, therefore, any file on the same logical drive as any web-accessible file that is accessible to these groups can be deleted, modified, or executed. Successful exploitation would yield the same privileges as a user who could successfully log onto the system to a remote user possessing no credentials whatsoever. (March 18, 2001) This is the vulnerability exploited by the Code Blue Worm. **UPDATE**: It is believed that an aggressive worm may be in the wild that actively exploits this vulnerability

Trust: 2.61

sources: NVD: CVE-2000-0884 // CERT/CC: VU#111677 // JVNDB: JVNDB-2000-000080 // BID: 1806

AFFECTED PRODUCTS

vendor:microsoftmodel:internet information serverscope:eqversion:4.0

Trust: 1.6

vendor:microsoftmodel:internet information servicesscope:eqversion:5.0

Trust: 1.6

vendor:microsoftmodel:iisscope:eqversion:5.0

Trust: 1.1

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 1.1

vendor:microsoftmodel: - scope: - version: -

Trust: 0.8

vendor:microsoftmodel:internet information serverscope:eqversion:5.0

Trust: 0.6

vendor:microsoftmodel:personal web serverscope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:iis alphascope:eqversion:4.0

Trust: 0.3

sources: CERT/CC: VU#111677 // BID: 1806 // JVNDB: JVNDB-2000-000080 // CNNVD: CNNVD-200012-156 // NVD: CVE-2000-0884

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-0884
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#111677
value: 68.40

Trust: 0.8

NVD: CVE-2000-0884
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200012-156
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2000-0884
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: CERT/CC: VU#111677 // JVNDB: JVNDB-2000-000080 // CNNVD: CNNVD-200012-156 // NVD: CVE-2000-0884

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0884

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200012-156

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200012-156

CONFIGURATIONS

sources: JVNDB: JVNDB-2000-000080

PATCH

title:MS00-078url:http://www.microsoft.com/technet/security/bulletin/ms00-078.mspx

Trust: 0.8

title:MS00-078url:http://www.microsoft.com/japan/technet/security/Bulletin/ms00-078.mspx

Trust: 0.8

sources: JVNDB: JVNDB-2000-000080

EXTERNAL IDS

db:BIDid:1806

Trust: 3.5

db:NVDid:CVE-2000-0884

Trust: 2.4

db:OSVDBid:436

Trust: 1.6

db:CERT/CCid:VU#111677

Trust: 0.8

db:JVNDBid:JVNDB-2000-000080

Trust: 0.8

db:MSid:MS00-078

Trust: 0.6

db:XFid:5377

Trust: 0.6

db:OVALid:OVAL:ORG.MITRE.OVAL:DEF:44

Trust: 0.6

db:CNNVDid:CNNVD-200012-156

Trust: 0.6

sources: CERT/CC: VU#111677 // BID: 1806 // JVNDB: JVNDB-2000-000080 // CNNVD: CNNVD-200012-156 // NVD: CVE-2000-0884

REFERENCES

url:http://www.securityfocus.com/bid/1806

Trust: 3.2

url:http://www.osvdb.org/436

Trust: 1.6

url:http://www.microsoft.com/technet/security/bulletin/ms00-078.asp

Trust: 1.4

url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-078

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/5377

Trust: 1.0

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a44

Trust: 1.0

url:http://www.microsoft.com/technet/security/bulletin/ms00-057.asp

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2000-0884

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2000-0884

Trust: 0.8

url:http://xforce.iss.net/static/5377.php

Trust: 0.6

url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:44

Trust: 0.6

url:http://www.f-secure.com/v-descs/codeblue.shtml

Trust: 0.3

url:http://www.microsoft.com/technet/security/bulletin/fq00-078.asp

Trust: 0.3

url:http://www.securityfocus.com/archive/88/213279

Trust: 0.3

url:http://support.coresecurity.com/impact/exploits/378aff922154e6f3b87f6dbf42457338.html

Trust: 0.3

url:http://www.antivirus.com/vinfo/virusencyclo/default5.asp?vname=troj_bluecode.a

Trust: 0.3

sources: CERT/CC: VU#111677 // BID: 1806 // JVNDB: JVNDB-2000-000080 // CNNVD: CNNVD-200012-156 // NVD: CVE-2000-0884

CREDITS

Nsfocus Security Team※ security@nsfocus.com

Trust: 0.6

sources: CNNVD: CNNVD-200012-156

SOURCES

db:CERT/CCid:VU#111677
db:BIDid:1806
db:JVNDBid:JVNDB-2000-000080
db:CNNVDid:CNNVD-200012-156
db:NVDid:CVE-2000-0884

LAST UPDATE DATE

2024-08-14T13:40:48.269000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#111677date:2001-09-18T00:00:00
db:BIDid:1806date:2000-10-17T00:00:00
db:JVNDBid:JVNDB-2000-000080date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200012-156date:2005-10-12T00:00:00
db:NVDid:CVE-2000-0884date:2018-10-30T16:25:10.357

SOURCES RELEASE DATE

db:CERT/CCid:VU#111677date:2000-11-20T00:00:00
db:BIDid:1806date:2000-10-17T00:00:00
db:JVNDBid:JVNDB-2000-000080date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200012-156date:2000-10-11T00:00:00
db:NVDid:CVE-2000-0884date:2000-12-19T05:00:00