var-199905-0028
Vulnerability from variot
The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. In Microsoft IIS, showcode.asp allows arbitrary files to be viewed when a relative path is specified in the "source" parameter passed to it; as a result, ASP source code and important information about the system may be disclosed. IIS 4.0 installs a number of sample ASP scripts, including one called "showcode.asp". This script allows clients to view the source of other sample scripts via a browser. The "showcode.asp" script does not perform sufficient checks and allows files outside the sample directory to be requested. In particular, it does not check for ".." in the path of the requested file. The script takes one parameter, "source", which is the file to view. The script's default location URL is: http://www.sitename.com/msadc/Samples/SELECTOR/showcode.asp. Similar vulnerabilities have been noted in ViewCode.asp, CodeBrws.asp and Winmsdp.exe. The record below lists Microsoft security bulletin MS99-013 as the patch for this issue; because the flaw is in a sample script, the first thing to verify on an affected server is whether the sample files are installed at all.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-199905-0028", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "internet information server", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "4.0" }, { "model": "iis", "scope": "eq", "trust": 1.1, "vendor": "microsoft", "version": "4.0" }, { "model": "site server commerce edition sp2 i386", "scope": "eq", 
"trust": 0.3, "vendor": "microsoft", "version": "3.0" }, { "model": "site server commerce edition sp2 alpha", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "3.0" }, { "model": "site server commerce edition sp1 i386", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "3.0" }, { "model": "site server commerce edition sp1 alpha", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "3.0" }, { "model": "site server commerce edition i386", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "3.0" }, { "model": "site server commerce edition alpha", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "3.0" }, { "model": "site server sp2 i386", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "3.0" }, { "model": "site server sp2 alpha", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "3.0" }, { "model": "site server sp1 i386", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "3.0" }, { "model": "site server sp1 alpha", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "3.0" }, { "model": "site server i386", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "3.0" }, { "model": "site server alpha", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "3.0" }, { "model": "iis alpha", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "4.0" }, { "model": "site server commerce edition sp4 i386", "scope": "ne", "trust": 0.3, "vendor": "microsoft", "version": "3.0" }, { "model": "site server commerce edition sp4 alpha", "scope": "ne", "trust": 0.3, "vendor": "microsoft", "version": "3.0" }, { "model": "site server commerce edition sp3 i386", "scope": "ne", "trust": 0.3, "vendor": "microsoft", "version": "3.0" }, { "model": "site server commerce edition sp3 alpha", "scope": "ne", "trust": 0.3, "vendor": "microsoft", "version": "3.0" }, { "model": "site server sp4 i386", "scope": "ne", "trust": 0.3, "vendor": "microsoft", 
"version": "3.0" }, { "model": "site server sp4 alpha", "scope": "ne", "trust": 0.3, "vendor": "microsoft", "version": "3.0" }, { "model": "site server sp3 i386", "scope": "ne", "trust": 0.3, "vendor": "microsoft", "version": "3.0" }, { "model": "site server sp3 alpha", "scope": "ne", "trust": 0.3, "vendor": "microsoft", "version": "3.0" } ], "sources": [ { "db": "BID", "id": "167" }, { "db": "JVNDB", "id": "JVNDB-1999-000009" }, { "db": "CNNVD", "id": "CNNVD-199905-018" }, { "db": "NVD", "id": "CVE-1999-0736" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:microsoft:iis", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-1999-000009" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Parcens", "sources": [ { "db": "CNNVD", "id": "CNNVD-199905-018" } ], "trust": 0.6 }, "cve": "CVE-1999-0736", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", 
"accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-1999-0736", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-1999-0736", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-1999-0736", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-199905-018", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-1999-000009" }, { "db": "CNNVD", "id": "CNNVD-199905-018" }, { "db": "NVD", "id": "CVE-1999-0736" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. Microsoft IIS of showcode.asp Passed source There is a vulnerability that allows arbitrary files to be viewed by specifying a relative path in the parameter.ASP You may get important information about the source code and system. \nIIS 4.0 installs a number of sample ASP scripts including one called \"showcode.asp\". This script allows clients to view the source of other sample scripts via a browser. The \"showcode.asp\" script does not perform sufficent checks and allows files outside the sample directory to be requested. In particular, it does not check for \"..\" in the path of the requested file. \nThe script takes one parameter, \"source\", which is the file to view. 
The script\u0027s default location URL is:\nhttp://www.sitename.com/msadc/Samples/SELECTOR/showcode.asp\nSimilar vulnerabilities have been noted in ViewCode.asp, CodeBrws.asp and Winmsdp.exe", "sources": [ { "db": "NVD", "id": "CVE-1999-0736" }, { "db": "JVNDB", "id": "JVNDB-1999-000009" }, { "db": "BID", "id": "167" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-1999-0736", "trust": 2.7 }, { "db": "BID", "id": "167", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-1999-000009", "trust": 0.8 }, { "db": "MS", "id": "MS99-013", "trust": 0.6 }, { "db": "OVAL", "id": "OVAL:ORG.MITRE.OVAL:DEF:932", "trust": 0.6 }, { "db": "NSFOCUS", "id": "3400", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-199905-018", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "167" }, { "db": "JVNDB", "id": "JVNDB-1999-000009" }, { "db": "CNNVD", "id": "CNNVD-199905-018" }, { "db": "NVD", "id": "CVE-1999-0736" } ] }, "id": "VAR-199905-0028", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-11-22T22:49:01.632000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "MS99-013", "trust": 0.8, "url": "http://www.microsoft.com/technet/security/bulletin/MS99-013.mspx" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-1999-000009" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-1999-0736" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-013" }, { "trust": 2.0, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a932" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-1999-0736" }, { "trust": 0.8, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-1999-0736" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/167" }, { "trust": 0.6, "url": "http://www.microsoft.com/technet/security/bulletin/ms99-013.asp" }, { "trust": 0.6, "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:932" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/3400" }, { "trust": 0.3, "url": "http://support.microsoft.com/support/kb/articles/q231/3/68.asp" }, { "trust": 0.3, "url": "http://support.microsoft.com/support/kb/articles/q231/6/56.asp" }, { "trust": 0.3, "url": "http://www.ntsecurity.net/scripts/loader.asp?id=/security/siteserver-1.htm" } ], "sources": [ { "db": "BID", "id": "167" }, { "db": "JVNDB", "id": "JVNDB-1999-000009" }, { "db": "CNNVD", "id": "CNNVD-199905-018" }, { "db": "NVD", "id": "CVE-1999-0736" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "167" }, { "db": "JVNDB", "id": "JVNDB-1999-000009" }, { "db": "CNNVD", "id": "CNNVD-199905-018" }, { "db": "NVD", "id": "CVE-1999-0736" } ] }, "sources_release_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "1999-05-07T00:00:00", "db": "BID", "id": "167" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-1999-000009" }, { "date": "1999-05-07T00:00:00", "db": "CNNVD", "id": "CNNVD-199905-018" }, { "date": "1999-05-07T04:00:00", "db": "NVD", "id": "CVE-1999-0736" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-07-11T00:16:00", "db": "BID", "id": "167" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-1999-000009" }, { "date": "2012-05-07T00:00:00", "db": "CNNVD", "id": "CNNVD-199905-018" }, { "date": "2024-11-20T23:29:21.100000", "db": "NVD", "id": "CVE-1999-0736" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-199905-018" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Microsoft IIS of showcode.asp Vulnerability to view arbitrary files in files", "sources": [ { "db": "JVNDB", "id": "JVNDB-1999-000009" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-199905-018" } ], "trust": 0.6 } }