var-200106-0117
Vulnerability from variot
FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters. A user attempting to authenticate using a valid login name appended with specially chosen characters, will not be required to specify the domain which the account belongs. Once the account is located, the user will have to complete the authentication process. At this point brute force attacks can be used in an attempt to gain access to the domain
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200106-0117",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "microsoft",
"version": null
},
{
"model": "iis",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "internet information server",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "4.0 4.0"
},
{
"model": "internet information server",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "windows server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "iis",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#137544"
},
{
"db": "CERT/CC",
"id": "VU#573155"
},
{
"db": "BID",
"id": "2847"
},
{
"db": "BID",
"id": "2719"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000069"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-152"
},
{
"db": "NVD",
"id": "CVE-2001-0335"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:iis",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2001-000069"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Posted in a Microsoft Security Bulletin MS01-026 on May 14, 2001.",
"sources": [
{
"db": "BID",
"id": "2719"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-152"
}
],
"trust": 0.9
},
"cve": "CVE-2001-0335",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2001-0335",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2001-0335",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#137544",
"trust": 0.8,
"value": "10.13"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#573155",
"trust": 0.8,
"value": "10.13"
},
{
"author": "NVD",
"id": "CVE-2001-0335",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200106-152",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#137544"
},
{
"db": "CERT/CC",
"id": "VU#573155"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000069"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-152"
},
{
"db": "NVD",
"id": "CVE-2001-0335"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters. \nA user attempting to authenticate using a valid login name appended with specially chosen characters, will not be required to specify the domain which the account belongs. Once the account is located, the user will have to complete the authentication process. At this point brute force attacks can be used in an attempt to gain access to the domain",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0335"
},
{
"db": "CERT/CC",
"id": "VU#137544"
},
{
"db": "CERT/CC",
"id": "VU#573155"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000069"
},
{
"db": "BID",
"id": "2847"
},
{
"db": "BID",
"id": "2719"
}
],
"trust": 3.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "2719",
"trust": 3.5
},
{
"db": "NVD",
"id": "CVE-2001-0335",
"trust": 2.4
},
{
"db": "CERT/CC",
"id": "VU#573155",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "VU#137544",
"trust": 1.6
},
{
"db": "BID",
"id": "2847",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000069",
"trust": 0.8
},
{
"db": "MS",
"id": "MS01-026",
"trust": 0.6
},
{
"db": "XF",
"id": "6545",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200106-152",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#137544"
},
{
"db": "CERT/CC",
"id": "VU#573155"
},
{
"db": "BID",
"id": "2847"
},
{
"db": "BID",
"id": "2719"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000069"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-152"
},
{
"db": "NVD",
"id": "CVE-2001-0335"
}
]
},
"id": "VAR-200106-0117",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T12:59:39.951000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MS01-026",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/MS01-026.mspx"
},
{
"title": "MS01-026",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/bulletin/MS01-026.mspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2001-000069"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0335"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://www.securityfocus.com/bid/2719"
},
{
"trust": 1.4,
"url": "http://www.microsoft.com/technet/security/bulletin/ms01-026.asp"
},
{
"trust": 1.1,
"url": "http://www.microsoft.com/technet/security/bulletin/ms01-031.asp"
},
{
"trust": 1.0,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-026"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6545"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/573155"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/137544"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/downloads/release.asp?releaseid=30508"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2847"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2001-0335"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2001-0335"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/static/6545.php"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/security/bulletin/ms02-026.asp"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#137544"
},
{
"db": "CERT/CC",
"id": "VU#573155"
},
{
"db": "BID",
"id": "2847"
},
{
"db": "BID",
"id": "2719"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000069"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-152"
},
{
"db": "NVD",
"id": "CVE-2001-0335"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#137544"
},
{
"db": "CERT/CC",
"id": "VU#573155"
},
{
"db": "BID",
"id": "2847"
},
{
"db": "BID",
"id": "2719"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000069"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-152"
},
{
"db": "NVD",
"id": "CVE-2001-0335"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-09-18T00:00:00",
"db": "CERT/CC",
"id": "VU#137544"
},
{
"date": "2001-09-18T00:00:00",
"db": "CERT/CC",
"id": "VU#573155"
},
{
"date": "2001-06-07T00:00:00",
"db": "BID",
"id": "2847"
},
{
"date": "2001-05-14T00:00:00",
"db": "BID",
"id": "2719"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2001-000069"
},
{
"date": "2001-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200106-152"
},
{
"date": "2001-06-27T04:00:00",
"db": "NVD",
"id": "CVE-2001-0335"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-09-18T00:00:00",
"db": "CERT/CC",
"id": "VU#137544"
},
{
"date": "2001-09-18T00:00:00",
"db": "CERT/CC",
"id": "VU#573155"
},
{
"date": "2001-06-07T00:00:00",
"db": "BID",
"id": "2847"
},
{
"date": "2001-05-14T00:00:00",
"db": "BID",
"id": "2719"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2001-000069"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200106-152"
},
{
"date": "2018-10-12T21:30:21.093000",
"db": "NVD",
"id": "CVE-2001-0335"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "2847"
},
{
"db": "BID",
"id": "2719"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft IIS FTP service searches all trusted domains for user accounts",
"sources": [
{
"db": "CERT/CC",
"id": "VU#137544"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "2847"
},
{
"db": "BID",
"id": "2719"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.