Details of VAR-200101-0078

ID

VAR-200101-0078

CVE

CVE-2000-1104

TITLE

MS:MS00-060 (CVE-2000-0746) variant "IIS Cross-site scripting " Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200101-053

DESCRIPTION

Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site. IIS Far East Edition is prone to a cross-site scripting vulnerability

Trust: 1.17

sources: NVD: CVE-2000-1104 // BID: 83024

AFFECTED PRODUCTS

vendor:	microsoft	model:	internet information server	scope:	eq	version:	4.0	Trust: 1.6
vendor:	microsoft	model:	internet information services	scope:	eq	version:	5.0	Trust: 1.6
vendor:	microsoft	model:	internet information server	scope:	eq	version:	5.0	Trust: 0.6
vendor:	microsoft	model:	iis	scope:	eq	version:	4.0	Trust: 0.3

sources: BID: 83024 // CNNVD: CNNVD-200101-053 // NVD: CVE-2000-1104

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2000-1104
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200101-053
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2000-1104
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-200101-053 // NVD: CVE-2000-1104

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-1104

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200101-053

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200101-053

EXTERNAL IDS

db:	NVD	id:	CVE-2000-1104	Trust: 1.9
db:	MS	id:	MS00-060	Trust: 0.6
db:	CNNVD	id:	CNNVD-200101-053	Trust: 0.6
db:	BID	id:	83024	Trust: 0.3

sources: BID: 83024 // CNNVD: CNNVD-200101-053 // NVD: CVE-2000-1104

REFERENCES

url:	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-060	Trust: 1.0
url:	http://www.microsoft.com/technet/security/bulletin/ms00-060.asp	Trust: 0.9

sources: BID: 83024 // CNNVD: CNNVD-200101-053 // NVD: CVE-2000-1104

CREDITS

Unknown

Trust: 0.3

sources: BID: 83024

SOURCES

db:	BID	id:	83024
db:	CNNVD	id:	CNNVD-200101-053
db:	NVD	id:	CVE-2000-1104

LAST UPDATE DATE

2024-08-14T14:42:26.733000+00:00

SOURCES UPDATE DATE

db:	BID	id:	83024	date:	2001-01-09T00:00:00
db:	CNNVD	id:	CNNVD-200101-053	date:	2005-10-31T00:00:00
db:	NVD	id:	CVE-2000-1104	date:	2018-10-30T16:25:10.357

SOURCES RELEASE DATE

db:	BID	id:	83024	date:	2001-01-09T00:00:00
db:	CNNVD	id:	CNNVD-200101-053	date:	2001-01-09T00:00:00
db:	NVD	id:	CVE-2000-1104	date:	2001-01-09T05:00:00