Details of VAR-200212-0418

ID

VAR-200212-0418

CVE

CVE-2002-1718

TITLE

Microsoft IIS In FrontPage Server Extensions Vulnerability where file source information is leaked

Trust: 0.8

sources: JVNDB: JVNDB-2002-000037

DESCRIPTION

Microsoft Internet Information Server (IIS) 5.1 may allow remote attackers to view the contents of a Frontpage Server Extension (FPSE) file, as claimed using an HTTP request for colegal.htm that contains .. (dot dot) sequences. Allegedly, submitting a request using '../' character sequences followed by the path to a known FPSE file, will cause the host to reveal the source of the requested file. Microsoft has not confirmed the existence of these vulnerabilities. * Confliciting details exist. This issue may be the result of a configuration error, although this has not been confirmed

Trust: 1.89

sources: NVD: CVE-2002-1718 // JVNDB: JVNDB-2002-000037 // BID: 4084

AFFECTED PRODUCTS

vendor:	microsoft	model:	iis	scope:	eq	version:	5.1	Trust: 1.1
vendor:	microsoft	model:	internet information services	scope:	eq	version:	5.1	Trust: 1.0
vendor:	microsoft	model:	internet information server	scope:	eq	version:	5.1	Trust: 0.6

sources: BID: 4084 // JVNDB: JVNDB-2002-000037 // CNNVD: CNNVD-200212-383 // NVD: CVE-2002-1718

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1718
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2002-1718
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200212-383
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2002-1718
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2002-000037 // CNNVD: CNNVD-200212-383 // NVD: CVE-2002-1718

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.0

sources: NVD: CVE-2002-1718

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-383

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-200212-383

CONFIGURATIONS

sources: JVNDB: JVNDB-2002-000037

PATCH

title:

Top Page

url:

http://www.microsoft.com/ja/jp/default.aspx

Trust: 0.8

sources: JVNDB: JVNDB-2002-000037

EXTERNAL IDS

db:	BID	id:	4084	Trust: 2.7
db:	NVD	id:	CVE-2002-1718	Trust: 2.4
db:	JVNDB	id:	JVNDB-2002-000037	Trust: 0.8
db:	CNNVD	id:	CNNVD-200212-383	Trust: 0.6

sources: BID: 4084 // JVNDB: JVNDB-2002-000037 // CNNVD: CNNVD-200212-383 // NVD: CVE-2002-1718

REFERENCES

url:	http://www.securityfocus.com/bid/4084	Trust: 3.4
url:	http://online.securityfocus.com/archive/1/255555	Trust: 2.6
url:	http://online.securityfocus.com/archive/1/256125	Trust: 2.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-1718	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-1718	Trust: 0.8

sources: JVNDB: JVNDB-2002-000037 // CNNVD: CNNVD-200212-383 // NVD: CVE-2002-1718

CREDITS

Discovered by Adonis.No.Spam <adonis1@videotron.ca>.

Trust: 0.9

sources: BID: 4084 // CNNVD: CNNVD-200212-383

SOURCES

db:	BID	id:	4084
db:	JVNDB	id:	JVNDB-2002-000037
db:	CNNVD	id:	CNNVD-200212-383
db:	NVD	id:	CVE-2002-1718

LAST UPDATE DATE

2024-11-22T22:59:26.730000+00:00

SOURCES UPDATE DATE

db:	BID	id:	4084	date:	2002-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2002-000037	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200212-383	date:	2020-12-10T00:00:00
db:	NVD	id:	CVE-2002-1718	date:	2024-11-20T23:41:57.197

SOURCES RELEASE DATE

db:	BID	id:	4084	date:	2002-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2002-000037	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200212-383	date:	2002-12-31T00:00:00
db:	NVD	id:	CVE-2002-1718	date:	2002-12-31T05:00:00