Details of VAR-200109-0072

ID

VAR-200109-0072

CVE

CVE-2001-0709

TITLE

Microsoft FAT File system IIS Unicode .asp Leak source vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200109-075

DESCRIPTION

Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode. A flaw exists in the handling of .asp requests. Typically when a request is made for an .asp file, IIS will identify that it is a script and run it as such

Trust: 1.17

sources: NVD: CVE-2001-0709 // BID: 2909

AFFECTED PRODUCTS

vendor:	microsoft	model:	internet information server	scope:	lte	version:	4.0	Trust: 1.0
vendor:	microsoft	model:	internet information server	scope:	eq	version:	4.0	Trust: 0.6
vendor:	microsoft	model:	iis	scope:	eq	version:	4.0	Trust: 0.3

sources: BID: 2909 // CNNVD: CNNVD-200109-075 // NVD: CVE-2001-0709

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-0709
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200109-075
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2001-0709
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-200109-075 // NVD: CVE-2001-0709

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0709

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200109-075

TYPE

wrong environmental conditions

Trust: 0.6

sources: CNNVD: CNNVD-200109-075

EXTERNAL IDS

db:	NVD	id:	CVE-2001-0709	Trust: 1.9
db:	BID	id:	2909	Trust: 1.9
db:	XF	id:	6742	Trust: 0.6
db:	BUGTRAQ	id:	20010622 [VIGILANTE-2001001] ASP SOURCE CODE RETRIEVED WITH UNICODE EXTENS ION	Trust: 0.6
db:	CNNVD	id:	CNNVD-200109-075	Trust: 0.6

sources: BID: 2909 // CNNVD: CNNVD-200109-075 // NVD: CVE-2001-0709

REFERENCES

url:	http://www.securityfocus.com/bid/2909	Trust: 1.6
url:	http://www.securityfocus.com/archive/1/192802	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/6742	Trust: 1.0
url:	http://xforce.iss.net/static/6742.php	Trust: 0.6
url:	http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/iischk.asp	Trust: 0.3

sources: BID: 2909 // CNNVD: CNNVD-200109-075 // NVD: CVE-2001-0709

CREDITS

Discovered and posted to Bugtraq by VIGILANTE <hack.kampbjorn@vigilante.com> on June 22, 2001.

Trust: 0.3

sources: BID: 2909

SOURCES

db:	BID	id:	2909
db:	CNNVD	id:	CNNVD-200109-075
db:	NVD	id:	CVE-2001-0709

LAST UPDATE DATE

2024-08-14T15:20:22.024000+00:00

SOURCES UPDATE DATE

db:	BID	id:	2909	date:	2009-07-11T06:56:00
db:	CNNVD	id:	CNNVD-200109-075	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2001-0709	date:	2017-12-19T02:29:26.067

SOURCES RELEASE DATE

db:	BID	id:	2909	date:	2001-06-21T00:00:00
db:	CNNVD	id:	CNNVD-200109-075	date:	2001-06-21T00:00:00
db:	NVD	id:	CVE-2001-0709	date:	2001-09-20T04:00:00