ID

VAR-200012-0187


CVE

CVE-2000-0951


TITLE

IIS Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200012-110

DESCRIPTION

A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search. Hidden directories, include files (*.inc), or other documents that would not normally be accessible through the regular website interface can be exposed through this exploit. Successful exploitation could lead to the discovery of certain files that may contain sensitive information such as usernames and passwords

Trust: 1.17

sources: NVD: CVE-2000-0951 // BID: 1756

AFFECTED PRODUCTS

vendor:microsoftmodel:internet information servicesscope:eqversion:5.0

Trust: 1.6

vendor:microsoftmodel:internet information serverscope:eqversion:5.0

Trust: 0.6

vendor:microsoftmodel:iisscope:eqversion:5.0

Trust: 0.3

sources: BID: 1756 // CNNVD: CNNVD-200012-110 // NVD: CVE-2000-0951

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-0951
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200012-110
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2000-0951
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

sources: CNNVD: CNNVD-200012-110 // NVD: CVE-2000-0951

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0951

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200012-110

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200012-110

EXTERNAL IDS

db:BIDid:1756

Trust: 1.9

db:NVDid:CVE-2000-0951

Trust: 1.6

db:XFid:5335

Trust: 0.6

db:ATSTAKEid:A100400-1

Trust: 0.6

db:MSKBid:Q272079

Trust: 0.6

db:CNNVDid:CNNVD-200012-110

Trust: 0.6

sources: BID: 1756 // CNNVD: CNNVD-200012-110 // NVD: CVE-2000-0951

REFERENCES

url:http://www.microsoft.com/technet/support/kb.asp?id=272079

Trust: 1.9

url:http://www.securityfocus.com/bid/1756

Trust: 1.6

url:http://www.atstake.com/research/advisories/2000/a100400-1.txt

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/5335

Trust: 1.0

url:http://xforce.iss.net/static/5335.php

Trust: 0.6

sources: BID: 1756 // CNNVD: CNNVD-200012-110 // NVD: CVE-2000-0951

CREDITS

Discovered by David Litchfield <dlitchfield@atstake.com> and publicized in a @stake security advisory (A100400-1) on October 4, 2000.

Trust: 0.3

sources: BID: 1756

SOURCES

db:BIDid:1756
db:CNNVDid:CNNVD-200012-110
db:NVDid:CVE-2000-0951

LAST UPDATE DATE

2024-08-14T14:23:17.291000+00:00


SOURCES UPDATE DATE

db:BIDid:1756date:2000-10-04T00:00:00
db:CNNVDid:CNNVD-200012-110date:2005-05-02T00:00:00
db:NVDid:CVE-2000-0951date:2018-10-30T16:25:10.357

SOURCES RELEASE DATE

db:BIDid:1756date:2000-10-04T00:00:00
db:CNNVDid:CNNVD-200012-110date:2000-12-19T00:00:00
db:NVDid:CVE-2000-0951date:2000-12-19T05:00:00