Details of VAR-200106-0115

ID

VAR-200106-0115

CVE

CVE-2001-0333

TITLE

IIS decodes filenames superfluously after applying security checks

Trust: 0.8

sources: CERT/CC: VU#789543

DESCRIPTION

Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice. When IIS receives a CGI filename request, it automatically performs two actions before completing the request: 1. IIS decodes the filename to determine the filetype and the legitimacy of the file. IIS then carries out a security check. 2. When the security check is completed, IIS decodes CGI parameters. A flaw in IIS involves a third undocumented action: Typically, IIS decodes only the CGI parameter at this point, yet the previously decoded CGI filename is mistakenly decoded twice. If a malformed filename is submitted and circumvents the initial security check, the undocumented procedure will decode the malformed request, possibly allowing the execution of arbitrary commands. Note that arbitrary commands will be run with the IUSR_machinename account privileges. Reportedly, various encoding combinations under Windows 2000 Server and Professional may yield different outcomes. Personal Web Server 1.0 and 3.0 are reported vulnerable to this issue. The worm Nimda(and variants) actively exploit this vulnerability

Trust: 2.61

sources: NVD: CVE-2001-0333 // CERT/CC: VU#789543 // JVNDB: JVNDB-2001-000070 // BID: 2708

AFFECTED PRODUCTS

vendor:	microsoft	model:	internet information server	scope:	eq	version:	4.0	Trust: 1.6
vendor:	microsoft	model:	iis	scope:	eq	version:	5.0	Trust: 1.1
vendor:	microsoft	model:	iis	scope:	eq	version:	4.0	Trust: 1.1
vendor:	microsoft	model:	internet information server	scope:	lte	version:	5.0	Trust: 1.0
vendor:	microsoft	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	microsoft	model:	internet information server	scope:	eq	version:	5.0	Trust: 0.6
vendor:	microsoft	model:	windows nt sp6a	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	personal web server	scope:	eq	version:	3.0	Trust: 0.3
vendor:	microsoft	model:	personal web server	scope:	eq	version:	1.0	Trust: 0.3
vendor:	microsoft	model:	iis	scope:	eq	version:	3.0	Trust: 0.3

sources: CERT/CC: VU#789543 // BID: 2708 // JVNDB: JVNDB-2001-000070 // CNNVD: CNNVD-200106-190 // NVD: CVE-2001-0333

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-0333
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#789543
value:	79.31
Trust: 0.8
NVD:	CVE-2001-0333
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200106-190
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2001-0333
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: CERT/CC: VU#789543 // JVNDB: JVNDB-2001-000070 // CNNVD: CNNVD-200106-190 // NVD: CVE-2001-0333

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0333

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200106-190

TYPE

Design Error

Trust: 0.9

sources: BID: 2708 // CNNVD: CNNVD-200106-190

CONFIGURATIONS

sources: JVNDB: JVNDB-2001-000070

PATCH

title:	MS01-026	url:	http://www.microsoft.com/technet/security/bulletin/MS01-026.mspx	Trust: 0.8
title:	MS01-026	url:	http://www.microsoft.com/japan/technet/security/bulletin/MS01-026.mspx	Trust: 0.8

sources: JVNDB: JVNDB-2001-000070

EXTERNAL IDS

db:	BID	id:	2708	Trust: 3.5
db:	NVD	id:	CVE-2001-0333	Trust: 2.7
db:	CERT/CC	id:	VU#789543	Trust: 0.8
db:	JVNDB	id:	JVNDB-2001-000070	Trust: 0.8
db:	OVAL	id:	OVAL:ORG.MITRE.OVAL:DEF:1051	Trust: 0.6
db:	OVAL	id:	OVAL:ORG.MITRE.OVAL:DEF:1018	Trust: 0.6
db:	OVAL	id:	OVAL:ORG.MITRE.OVAL:DEF:78	Trust: 0.6
db:	OVAL	id:	OVAL:ORG.MITRE.OVAL:DEF:37	Trust: 0.6
db:	BUGTRAQ	id:	20010515 NSFOCUS SA2001-02 : MICROSOFT IIS CGI FILENAME DECODE ERROR VULNERABILITY	Trust: 0.6
db:	XF	id:	6534	Trust: 0.6
db:	MS	id:	MS01-026	Trust: 0.6
db:	CERT/CC	id:	CA-2001-12	Trust: 0.6
db:	CNNVD	id:	CNNVD-200106-190	Trust: 0.6

sources: CERT/CC: VU#789543 // BID: 2708 // JVNDB: JVNDB-2001-000070 // CNNVD: CNNVD-200106-190 // NVD: CVE-2001-0333

REFERENCES

url:	http://www.securityfocus.com/bid/2708	Trust: 3.2
url:	http://www.cert.org/advisories/ca-2001-12.html	Trust: 2.4
url:	http://www.microsoft.com/technet/security/bulletin/ms01-026.asp	Trust: 1.4
url:	http://marc.info/?l=bugtraq&m=98992056521300&w=2	Trust: 1.0
url:	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-026	Trust: 1.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/6534	Trust: 1.0
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1018	Trust: 1.0
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1051	Trust: 1.0
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a37	Trust: 1.0
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a78	Trust: 1.0
url:	http://www.microsoft.com/downloads/release.asp?releaseid=29787	Trust: 0.8
url:	http://www.microsoft.com/downloads/release.asp?releaseid=29764	Trust: 0.8
url:	http://www.nsfocus.com/english/homepage/sa01-02.htm	Trust: 0.8
url:	http://www.microsoft.com/technet/security/mbrsrvcl.asp	Trust: 0.8
url:	http://www.microsoft.com/technet/security/iis5chk.asp	Trust: 0.8
url:	http://www.microsoft.com/technet/security/iischk.asp	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2001-0333	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2001-0333	Trust: 0.8
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=98992056521300&w=2	Trust: 0.6
url:	http://xforce.iss.net/static/6534.php	Trust: 0.6
url:	http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:78	Trust: 0.6
url:	http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:37	Trust: 0.6
url:	http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:1051	Trust: 0.6
url:	http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:1018	Trust: 0.6
url:	http://support.coresecurity.com/impact/exploits/b34560acdc1826f7026001ef789b6382.html	Trust: 0.3
url:	http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms01-026.asp	Trust: 0.3
url:	http://www.microsoft.com/technet/security/bulletin/ms02-026.asp	Trust: 0.3
url:	http://www.unsekure.com.br/labs/jmscan-1.1.tar.gz	Trust: 0.3

sources: CERT/CC: VU#789543 // BID: 2708 // JVNDB: JVNDB-2001-000070 // CNNVD: CNNVD-200106-190 // NVD: CVE-2001-0333

CREDITS

Nsfocus Security Team※ security@nsfocus.com

Trust: 0.6

sources: CNNVD: CNNVD-200106-190

SOURCES

db:	CERT/CC	id:	VU#789543
db:	BID	id:	2708
db:	JVNDB	id:	JVNDB-2001-000070
db:	CNNVD	id:	CNNVD-200106-190
db:	NVD	id:	CVE-2001-0333

LAST UPDATE DATE

2024-08-14T12:19:31.994000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#789543	date:	2001-09-18T00:00:00
db:	BID	id:	2708	date:	2007-01-29T20:18:00
db:	JVNDB	id:	JVNDB-2001-000070	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200106-190	date:	2005-10-12T00:00:00
db:	NVD	id:	CVE-2001-0333	date:	2018-10-12T21:30:19.827

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#789543	date:	2001-05-15T00:00:00
db:	BID	id:	2708	date:	2001-05-15T00:00:00
db:	JVNDB	id:	JVNDB-2001-000070	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200106-190	date:	2001-05-15T00:00:00
db:	NVD	id:	CVE-2001-0333	date:	2001-06-27T04:00:00