ID
VAR-200212-0570
CVE
CVE-2002-1694
TITLE
Microsoft IIS of Vulnerability of modifying log files in default settings
Trust: 0.8
DESCRIPTION
Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running. Unprivileged users could modify the log file using a File Open Dialog with Win32 API call. The following are the default permissions on the log files folder: Administrators: Full Control Everyone: Change (RWXD) IUSR_ ComputerName : Full Control System: Full Control
Trust: 1.89
AFFECTED PRODUCTS
| vendor: | microsoft | model: | internet information server | scope: | eq | version: | 4.0 | Trust: 1.6 |
| vendor: | microsoft | model: | internet information services | scope: | eq | version: | 5.0 | Trust: 1.6 |
| vendor: | microsoft | model: | iis | scope: | eq | version: | 4.0 | Trust: 1.1 |
| vendor: | microsoft | model: | internet information server | scope: | eq | version: | 5.0 | Trust: 0.6 |
| vendor: | symantec | model: | norton internet security | scope: | eq | version: | 20010 | Trust: 0.3 |
| vendor: | microsoft | model: | iis | scope: | eq | version: | 5.0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
Design Error
Trust: 0.9
CONFIGURATIONS
PATCH
| title: | Top Page | url: | http://www.microsoft.com/ja/jp/default.aspx | Trust: 0.8 |
EXTERNAL IDS
| db: | BID | id: | 3888 | Trust: 2.7 |
| db: | NVD | id: | CVE-2002-1694 | Trust: 2.4 |
| db: | JVNDB | id: | JVNDB-2002-000011 | Trust: 0.8 |
| db: | NSFOCUS | id: | 2160 | Trust: 0.6 |
| db: | XF | id: | 7919 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-200212-079 | Trust: 0.6 |
REFERENCES
| url: | http://www.securityfocus.com/bid/3888 | Trust: 3.4 |
| url: | http://online.securityfocus.com/archive/1/250591 | Trust: 2.0 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/7919 | Trust: 2.0 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-1694 | Trust: 0.8 |
| url: | http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-1694 | Trust: 0.8 |
| url: | http://xforce.iss.net/xforce/xfdb/7919 | Trust: 0.6 |
| url: | http://www.nsfocus.net/vulndb/2160 | Trust: 0.6 |
| url: | http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/iis4cl.asp | Trust: 0.3 |
| url: | http://www.microsoft.com/technet/security | Trust: 0.3 |
| url: | http://www.symantec.com/sabu/nis/nis_pe/ | Trust: 0.3 |
| url: | http://support.microsoft.com/default.aspx?scid=kb;en-us;q315986 | Trust: 0.3 |
CREDITS
Information Anarchy 2K01※ advisories@nmrc.org
Trust: 0.6
SOURCES
| db: | BID | id: | 3888 |
| db: | JVNDB | id: | JVNDB-2002-000011 |
| db: | CNNVD | id: | CNNVD-200212-079 |
| db: | NVD | id: | CVE-2002-1694 |
LAST UPDATE DATE
2024-11-22T22:48:44.643000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 3888 | date: | 2002-01-16T00:00:00 |
| db: | JVNDB | id: | JVNDB-2002-000011 | date: | 2007-04-01T00:00:00 |
| db: | CNNVD | id: | CNNVD-200212-079 | date: | 2005-10-20T00:00:00 |
| db: | NVD | id: | CVE-2002-1694 | date: | 2024-11-20T23:41:54.043 |
SOURCES RELEASE DATE
| db: | BID | id: | 3888 | date: | 2002-01-16T00:00:00 |
| db: | JVNDB | id: | JVNDB-2002-000011 | date: | 2007-04-01T00:00:00 |
| db: | CNNVD | id: | CNNVD-200212-079 | date: | 2002-01-16T00:00:00 |
| db: | NVD | id: | CVE-2002-1694 | date: | 2002-12-31T05:00:00 |