var-200007-0068
Vulnerability from variot
IIS 4.0 and 5.0 allow remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability. A vulnerability exists in Microsoft Internet Information Server (IIS) that could disclose sensitive information contained in CGI-type files. Typically a CGI/script file on a web server should only be executable and not readable to remote users. Sensitive information contained in CGI-type files might include user credentials for access to a back-end database. This is a variation of the vulnerability previously discussed in VU#35085 and Microsoft Security Bulletin MS00-031. Requesting a known filename with the extension replaced with .htr preceded by approximately 230 "%20" (which is an escaped character that represents a space) from Microsoft IIS 4.0/5.0 will cause the server to retrieve the file and its contents. This is due to the .htr file extension being mapped to the ISM.DLL ISAPI application, which redirects .htr file requests to ISM.DLL. ISM.DLL removes the extraneous "%20" and replaces .htr with the proper filename extension and reveals the source of the file. This vulnerability is similar to a more recently discovered variant, BugTraq ID 1488. This action can only be performed if a .htr request has not been previously made or if ISM.DLL is loaded into memory for the first time. If an .htr request has already been made, a restart of the web server is necessary in order to perform another. Microsoft IIS 4.0 and 5.0 can be made to disclose fragments of source code which should otherwise be inaccessible. This is done by appending "+.htr" to a request for a known .asp (or .asa, .ini, etc.) file. Appending this string causes the request to be handled by ISM.DLL, which then strips the +.htr string and may disclose part or all of the source of the .asp file specified in the request.
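There has been a report that source will be displayed up to the first '<%' encountered - '<%' and '%>' are server-side script delimiters. Pages which use the <script runat=server></script> delimiters instead will display the entire source, or up to any '<%' in the page. The patch references recorded for this entry point to Microsoft Security Bulletin MS00-044.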
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200007-0068", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": null, "scope": null, "trust": 1.6, "vendor": "microsoft", "version": null }, { "model": "internet information server", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "4.0" }, { "model": "internet information services", "scope": "eq", "trust": 
1.6, "vendor": "microsoft", "version": "5.0" }, { "model": "iis", "scope": "eq", "trust": 1.4, "vendor": "microsoft", "version": "5.0" }, { "model": "iis", "scope": "eq", "trust": 1.4, "vendor": "microsoft", "version": "4.0" }, { "model": "iis alpha", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "4.0" }, { "model": "internet information server", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "5.0" } ], "sources": [ { "db": "CERT/CC", "id": "VU#28565" }, { "db": "CERT/CC", "id": "VU#35085" }, { "db": "BID", "id": "1193" }, { "db": "BID", "id": "1488" }, { "db": "JVNDB", "id": "JVNDB-2000-000049" }, { "db": "CNNVD", "id": "CNNVD-200007-043" }, { "db": "NVD", "id": "CVE-2000-0630" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:microsoft:iis", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2000-000049" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Nsfocus Security Team\u203b security@nsfocus.com", "sources": [ { "db": "CNNVD", "id": "CNNVD-200007-043" } ], "trust": 0.6 }, "cve": "CVE-2000-0630", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2000-0630", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2000-0630", "trust": 1.0, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#28565", "trust": 0.8, "value": "13.17" }, { "author": "CARNEGIE MELLON", "id": "VU#35085", "trust": 0.8, "value": "13.17" }, { "author": "NVD", "id": "CVE-2000-0630", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200007-043", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#28565" }, { "db": "CERT/CC", "id": "VU#35085" }, { "db": "JVNDB", "id": "JVNDB-2000-000049" }, { "db": "CNNVD", "id": "CNNVD-200007-043" }, { "db": "NVD", "id": "CVE-2000-0630" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the \"File Fragment Reading via .HTR\" vulnerability. A vulnerability exists in Microsoft Internet Information Server (IIS) that could disclose sensitive information contained in CGI-type files. Typically a CGI/script file on a web server should only be executable and not readable to remote users. 
Sensitive information contained in CGI-type files file might include user credentials for access to a back-end database.This is a variation of the vulnerability previously discussed in VU#35085 and Microsoft Security Bulletin MS00-031. Requesting a known filename with the extension replaced with .htr preceeded by approximately 230 \"%20\" (which is an escaped character that represents a space) from Microsoft IIS 4.0/5.0 will cause the server to retrieve the file and its contents. This is due to the .htr file extension being mapped to ISM.DLL ISAPI application which redirects .htr file requests to ISM.DLL. ISM.DLL removes the extraneous \"%20\" and replaces .htr with the proper filename extension and reveals the source of the file. This vulnerability is similar to a more recently discovered variant, BugTraq ID 1488. \nThis action can only be performed if a .htr request has not been previously made or if ISM.DLL is loaded into memory for the first time. If an .htr request has already been made, a restart of the web server is necessary in order to perform another. Microsoft IIS 4.0 and 5.0 can be made to disclose fragments of source code which should otherwise be inaccessible. This is done by appending \"+.htr\" to a request for a known .asp (or .asa, .ini, etc) file. Appending this string causes the request to be handled by ISM.DLL, which then strips the +.htr string and may disclose part or all of the source of the .asp file specified in the request. There has been a report that source will be displayed up to the first \u0027\u003c%\u0027 encountered - \u0027\u003c%\u0027 and \u0027%\u003e\u0027 are server-side script delimiters. 
Pages which use the \u003cscript runat=server\u003e\u003c/script\u003e delimiters instead will display the entire source, or up to any \u0027\u003c%\u0027 in the page", "sources": [ { "db": "NVD", "id": "CVE-2000-0630" }, { "db": "CERT/CC", "id": "VU#28565" }, { "db": "CERT/CC", "id": "VU#35085" }, { "db": "JVNDB", "id": "JVNDB-2000-000049" }, { "db": "BID", "id": "1193" }, { "db": "BID", "id": "1488" } ], "trust": 3.6 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "1488", "trust": 3.8 }, { "db": "NVD", "id": "CVE-2000-0630", "trust": 2.4 }, { "db": "BID", "id": "1193", "trust": 1.4 }, { "db": "CERT/CC", "id": "VU#28565", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#35085", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2000-000049", "trust": 0.8 }, { "db": "MS", "id": "MS00-044", "trust": 0.6 }, { "db": "NSFOCUS", "id": "4027", "trust": 0.6 }, { "db": "XF", "id": "5104", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200007-043", "trust": 0.6 } ], "sources": [ { "db": "CERT/CC", "id": "VU#28565" }, { "db": "CERT/CC", "id": "VU#35085" }, { "db": "BID", "id": "1193" }, { "db": "BID", "id": "1488" }, { "db": "JVNDB", "id": "JVNDB-2000-000049" }, { "db": "CNNVD", "id": "CNNVD-200007-043" }, { "db": "NVD", "id": "CVE-2000-0630" } ] }, "id": "VAR-200007-0068", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-08-14T13:51:35.974000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "MS00-044", "trust": 0.8, "url": "http://www.microsoft.com/technet/security/bulletin/ms00-044.asp" }, { "title": "MS00-044", "trust": 0.8, "url": "http://www.microsoft.com/japan/technet/security/Bulletin/ms06-040.mspx" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2000-000049" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2000-0630" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.5, "url": "http://www.securityfocus.com/bid/1488" }, { "trust": 1.4, "url": "http://www.microsoft.com/technet/security/bulletin/ms00-044.asp" }, { "trust": 1.1, "url": "http://www.microsoft.com/technet/security/bulletin/fq00-044.asp" }, { "trust": 1.1, "url": "http://www.microsoft.com/technet/security/bulletin/fq00-031.asp" }, { "trust": 1.1, "url": "http://support.microsoft.com/support/kb/articles/q260/0/69.asp" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/1193" }, { "trust": 1.0, "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-044" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5104" }, { "trust": 0.8, "url": "http://www.cerberus-infosec.co.uk/advism.html" }, { "trust": 0.8, "url": "http://www.microsoft.com/technet/security/bulletin/ms00-031.asp" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2000-0630" }, { "trust": 0.8, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2000-0630" }, { "trust": 0.6, "url": 
"http://xforce.iss.net/static/5104.php" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/4027" }, { "trust": 0.3, "url": "http://support.microsoft.com/support/kb/articles/q260/8/38.asp" } ], "sources": [ { "db": "CERT/CC", "id": "VU#28565" }, { "db": "CERT/CC", "id": "VU#35085" }, { "db": "BID", "id": "1193" }, { "db": "BID", "id": "1488" }, { "db": "JVNDB", "id": "JVNDB-2000-000049" }, { "db": "CNNVD", "id": "CNNVD-200007-043" }, { "db": "NVD", "id": "CVE-2000-0630" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#28565" }, { "db": "CERT/CC", "id": "VU#35085" }, { "db": "BID", "id": "1193" }, { "db": "BID", "id": "1488" }, { "db": "JVNDB", "id": "JVNDB-2000-000049" }, { "db": "CNNVD", "id": "CNNVD-200007-043" }, { "db": "NVD", "id": "CVE-2000-0630" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2001-06-15T00:00:00", "db": "CERT/CC", "id": "VU#28565" }, { "date": "2001-05-25T00:00:00", "db": "CERT/CC", "id": "VU#35085" }, { "date": "2000-05-11T00:00:00", "db": "BID", "id": "1193" }, { "date": "2000-07-17T00:00:00", "db": "BID", "id": "1488" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2000-000049" }, { "date": "2000-07-17T00:00:00", "db": "CNNVD", "id": "CNNVD-200007-043" }, { "date": "2000-07-17T04:00:00", "db": "NVD", "id": "CVE-2000-0630" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2001-08-07T00:00:00", "db": "CERT/CC", "id": "VU#28565" }, { "date": "2001-08-07T00:00:00", "db": "CERT/CC", "id": "VU#35085" }, { "date": "2000-05-11T00:00:00", "db": "BID", "id": "1193" }, { "date": "2000-07-17T00:00:00", "db": "BID", "id": "1488" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": 
"JVNDB-2000-000049" }, { "date": "2005-10-12T00:00:00", "db": "CNNVD", "id": "CNNVD-200007-043" }, { "date": "2018-10-30T16:25:10.357000", "db": "NVD", "id": "CVE-2000-0630" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "1193" }, { "db": "BID", "id": "1488" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Microsoft Internet Information Server (IIS) discloses contents of files via crafted request containing \"+.htr\"", "sources": [ { "db": "CERT/CC", "id": "VU#28565" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-200007-043" } ], "trust": 0.6 } }