Details of VAR-200012-0187

ID

VAR-200012-0187

CVE

CVE-2000-0951

TITLE

IIS Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200012-110

DESCRIPTION

A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search. Hidden directories, include files (*.inc), or other documents that would not normally be accessible through the regular website interface can be exposed through this exploit. Successful exploitation could lead to the discovery of certain files that may contain sensitive information such as usernames and passwords

Trust: 1.17

sources: NVD: CVE-2000-0951 // BID: 1756

AFFECTED PRODUCTS

vendor:	microsoft	model:	internet information services	scope:	eq	version:	5.0	Trust: 1.6
vendor:	microsoft	model:	internet information server	scope:	eq	version:	5.0	Trust: 0.6
vendor:	microsoft	model:	iis	scope:	eq	version:	5.0	Trust: 0.3

sources: BID: 1756 // CNNVD: CNNVD-200012-110 // NVD: CVE-2000-0951

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2000-0951
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200012-110
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2000-0951
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-200012-110 // NVD: CVE-2000-0951

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0951

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200012-110

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200012-110

EXTERNAL IDS

db:	BID	id:	1756	Trust: 1.9
db:	NVD	id:	CVE-2000-0951	Trust: 1.6
db:	XF	id:	5335	Trust: 0.6
db:	ATSTAKE	id:	A100400-1	Trust: 0.6
db:	MSKB	id:	Q272079	Trust: 0.6
db:	CNNVD	id:	CNNVD-200012-110	Trust: 0.6

sources: BID: 1756 // CNNVD: CNNVD-200012-110 // NVD: CVE-2000-0951

REFERENCES

url:	http://www.microsoft.com/technet/support/kb.asp?id=272079	Trust: 1.9
url:	http://www.securityfocus.com/bid/1756	Trust: 1.6
url:	http://www.atstake.com/research/advisories/2000/a100400-1.txt	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/5335	Trust: 1.0
url:	http://xforce.iss.net/static/5335.php	Trust: 0.6

sources: BID: 1756 // CNNVD: CNNVD-200012-110 // NVD: CVE-2000-0951

CREDITS

Discovered by David Litchfield <dlitchfield@atstake.com> and publicized in a @stake security advisory (A100400-1) on October 4, 2000.

Trust: 0.3

sources: BID: 1756

SOURCES

db:	BID	id:	1756
db:	CNNVD	id:	CNNVD-200012-110
db:	NVD	id:	CVE-2000-0951

LAST UPDATE DATE

2024-08-14T14:23:17.291000+00:00

SOURCES UPDATE DATE

db:	BID	id:	1756	date:	2000-10-04T00:00:00
db:	CNNVD	id:	CNNVD-200012-110	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2000-0951	date:	2018-10-30T16:25:10.357

SOURCES RELEASE DATE

db:	BID	id:	1756	date:	2000-10-04T00:00:00
db:	CNNVD	id:	CNNVD-200012-110	date:	2000-12-19T00:00:00
db:	NVD	id:	CVE-2000-0951	date:	2000-12-19T05:00:00