Sign-up

ID

VAR-200106-0117


CVE

CVE-2001-0335


TITLE

Microsoft IIS FTP service searches all trusted domains for user accounts

Trust: 0.8

sources: CERT/CC: VU#137544

DESCRIPTION

FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters. A user attempting to authenticate using a valid login name appended with specially chosen characters, will not be required to specify the domain which the account belongs. Once the account is located, the user will have to complete the authentication process. At this point brute force attacks can be used in an attempt to gain access to the domain

Trust: 3.6

sources: NVD: CVE-2001-0335 // CERT/CC: VU#137544 // CERT/CC: VU#573155 // JVNDB: JVNDB-2001-000069 // BID: 2847 // BID: 2719

AFFECTED PRODUCTS

vendor:microsoftmodel: - scope: - version: -

Trust: 1.6

vendor:microsoftmodel:iisscope:eqversion:5.0

Trust: 1.1

vendor:microsoftmodel:internet information serverscope:lteversion:5.0

Trust: 1.0

vendor:microsoftmodel:iisscope:eqversion:4.0 4.0

Trust: 0.8

vendor:microsoftmodel:internet information serverscope:eqversion:5.0

Trust: 0.6

vendor:microsoftmodel:windows server sp2scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows server sp1scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows serverscope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows professional sp2scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows professional sp1scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows professionalscope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows datacenter server sp2scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows datacenter server sp1scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows datacenter serverscope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows advanced server sp2scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows advanced server sp1scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows advanced serverscope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 0.3

sources: CERT/CC: VU#137544 // CERT/CC: VU#573155 // BID: 2847 // BID: 2719 // JVNDB: JVNDB-2001-000069 // CNNVD: CNNVD-200106-152 // NVD: CVE-2001-0335

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-0335
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#137544
value: 10.13

Trust: 0.8

CARNEGIE MELLON: VU#573155
value: 10.13

Trust: 0.8

NVD: CVE-2001-0335
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200106-152
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2001-0335
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: CERT/CC: VU#137544 // CERT/CC: VU#573155 // JVNDB: JVNDB-2001-000069 // CNNVD: CNNVD-200106-152 // NVD: CVE-2001-0335

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0335

THREAT TYPE

network

Trust: 0.6

sources: BID: 2847 // BID: 2719

TYPE

Input Validation Error

Trust: 0.6

sources: BID: 2847 // BID: 2719

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2001-000069

PATCH
title:MS01-026url:http://www.microsoft.com/technet/security/bulletin/MS01-026.mspx
Trust: 0.8
title:MS01-026url:http://www.microsoft.com/japan/technet/security/bulletin/MS01-026.mspx
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2001-000069

EXTERNAL IDS
db:BIDid:2719
Trust: 3.5
db:NVDid:CVE-2001-0335
Trust: 2.4
db:CERT/CCid:VU#573155
Trust: 1.6
db:CERT/CCid:VU#137544
Trust: 1.6
db:BIDid:2847
Trust: 1.1
db:JVNDBid:JVNDB-2001-000069
Trust: 0.8
db:MSid:MS01-026
Trust: 0.6
db:XFid:6545
Trust: 0.6
db:CNNVDid:CNNVD-200106-152
Trust: 0.6
sources:
            
            
            CERT/CC: VU#137544 // 
            
            
            
            CERT/CC: VU#573155 // 
            
            
            
            BID: 2847 // 
            
            
            
            BID: 2719 // 
            
            
            
            JVNDB: JVNDB-2001-000069 // 
            
            
            
            CNNVD: CNNVD-200106-152 // 
            
            
            
            NVD: CVE-2001-0335

REFERENCES
url:http://www.securityfocus.com/bid/2719
Trust: 3.2
url:http://www.microsoft.com/technet/security/bulletin/ms01-026.asp
Trust: 1.4
url:http://www.microsoft.com/technet/security/bulletin/ms01-031.asp
Trust: 1.1
url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-026
Trust: 1.0
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/6545
Trust: 1.0
url:http://www.kb.cert.org/vuls/id/573155
Trust: 0.8
url:http://www.kb.cert.org/vuls/id/137544
Trust: 0.8
url:http://www.microsoft.com/downloads/release.asp?releaseid=30508
Trust: 0.8
url:http://www.securityfocus.com/bid/2847
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2001-0335
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2001-0335
Trust: 0.8
url:http://xforce.iss.net/static/6545.php
Trust: 0.6
url:http://www.microsoft.com/technet/security/bulletin/ms02-026.asp
Trust: 0.3
sources:
            
            
            CERT/CC: VU#137544 // 
            
            
            
            CERT/CC: VU#573155 // 
            
            
            
            BID: 2847 // 
            
            
            
            BID: 2719 // 
            
            
            
            JVNDB: JVNDB-2001-000069 // 
            
            
            
            CNNVD: CNNVD-200106-152 // 
            
            
            
            NVD: CVE-2001-0335

CREDITS
Posted in a Microsoft Security Bulletin MS01-026 on May 14, 2001.
Trust: 0.9
sources:
            
            
            BID: 2719 // 
            
            
            
            CNNVD: CNNVD-200106-152

SOURCES
db:CERT/CCid:VU#137544
db:CERT/CCid:VU#573155
db:BIDid:2847
db:BIDid:2719
db:JVNDBid:JVNDB-2001-000069
db:CNNVDid:CNNVD-200106-152
db:NVDid:CVE-2001-0335

LAST UPDATE DATE
2024-08-14T12:59:39.951000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#137544date:2001-09-18T00:00:00
db:CERT/CCid:VU#573155date:2001-09-18T00:00:00
db:BIDid:2847date:2001-06-07T00:00:00
db:BIDid:2719date:2001-05-14T00:00:00
db:JVNDBid:JVNDB-2001-000069date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200106-152date:2005-05-02T00:00:00
db:NVDid:CVE-2001-0335date:2018-10-12T21:30:21.093

SOURCES RELEASE DATE
db:CERT/CCid:VU#137544date:2001-09-18T00:00:00
db:CERT/CCid:VU#573155date:2001-09-18T00:00:00
db:BIDid:2847date:2001-06-07T00:00:00
db:BIDid:2719date:2001-05-14T00:00:00
db:JVNDBid:JVNDB-2001-000069date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200106-152date:2001-06-27T00:00:00
db:NVDid:CVE-2001-0335date:2001-06-27T04:00:00