VAR-199701-0039
Vulnerability from variot - Updated: 2025-04-03 22:22

IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL. Microsoft Internet Information Server (IIS) is a popular web server, providing support for a variety of scripting languages, including ASP (Active Server Pages). In the original issue, the source code of a script is disclosed by appending a period (.) to the end of a URL requesting that script; this applies to any file types in the "script-map list", including .asp, .ht., .id, .PL, and others. Consequences of exploitation vary depending on the site design, but commonly include disclosure of the directory structure on the web server, database passwords, and various other pieces of information that could then be used to mount further attacks. A Microsoft hotfix for this issue was released, but it has been found vulnerable to a variation in which the period is replaced by %2e, the hexadecimal encoding of the same character (BugTraq ID 1814). Microsoft IIS will return the source code of various server-side script files (such as ASP files) if the filename in the URL request contains a "%2e", the hex value for ".". For example, the following URL will display the source of the ASP file: http://target/file%2easp Source code disclosure could possibly yield sensitive information such as usernames and passwords.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-199701-0039",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "internet information server",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "internet information services",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": "internet information services",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "internet information server",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "internet information server",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "iis",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "iis",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
}
],
"sources": [
{
"db": "BID",
"id": "2074"
},
{
"db": "BID",
"id": "1814"
},
{
"db": "CNNVD",
"id": "CNNVD-199701-007"
},
{
"db": "NVD",
"id": "CVE-1999-0253"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Weld Pond\u203b weld@atstake.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199701-007"
}
],
"trust": 0.6
},
"cve": "CVE-1999-0253",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-1999-0253",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-1999-0253",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-199701-007",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199701-007"
},
{
"db": "NVD",
"id": "CVE-1999-0253"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL. Microsoft Internet Information Server (IIS) is a popular web server, providing support for a variety of scripting languages, including ASP (active server pages). This is accomplished by appending a period (.) to the end of a URL requesting a specific script, and applies to any file types in the \"script-map list\", including .asp, .ht., .id, .PL, and others. Consequences of exploitation vary depending on the site design, but commonly include details of directory structure on the web server, database passwords, and various other pieces of information that could then be used to mount further attacks. A Microsoft hotfix for this issue was released, but has been found vulnerable to a variation whereby the period is replaced by %2e, the hexadecimal encoding for the same character. (BugTraq ID 1814). Microsoft IIS will return the source code of various server side script files (such as ASP files) if the filename in the URL request contains a \"%2e\", the hex value for \".\". For example, the following URL will display the source of the ASP file:\nhttp://target/file%2easp\nSource code disclosure could possibly yield sensitive information such as usernames and passwords",
"sources": [
{
"db": "NVD",
"id": "CVE-1999-0253"
},
{
"db": "BID",
"id": "2074"
},
{
"db": "BID",
"id": "1814"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "1814",
"trust": 2.2
},
{
"db": "NVD",
"id": "CVE-1999-0253",
"trust": 1.9
},
{
"db": "CNNVD",
"id": "CNNVD-199701-007",
"trust": 0.6
},
{
"db": "BID",
"id": "2074",
"trust": 0.3
}
],
"sources": [
{
"db": "BID",
"id": "2074"
},
{
"db": "BID",
"id": "1814"
},
{
"db": "CNNVD",
"id": "CNNVD-199701-007"
},
{
"db": "NVD",
"id": "CVE-1999-0253"
}
]
},
"id": "VAR-199701-0039",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2025-04-03T22:22:09.929000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Microsoft IIS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134904"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199701-007"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-1999-0253"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/1814"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/support/kb/articles/q163/4/85.asp"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/support/kb/articles/q164/0/59.asp"
}
],
"sources": [
{
"db": "BID",
"id": "2074"
},
{
"db": "CNNVD",
"id": "CNNVD-199701-007"
},
{
"db": "NVD",
"id": "CVE-1999-0253"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "2074"
},
{
"db": "BID",
"id": "1814"
},
{
"db": "CNNVD",
"id": "CNNVD-199701-007"
},
{
"db": "NVD",
"id": "CVE-1999-0253"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "1997-02-20T00:00:00",
"db": "BID",
"id": "2074"
},
{
"date": "1997-03-19T00:00:00",
"db": "BID",
"id": "1814"
},
{
"date": "1997-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199701-007"
},
{
"date": "1997-01-01T05:00:00",
"db": "NVD",
"id": "CVE-1999-0253"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "1997-02-20T00:00:00",
"db": "BID",
"id": "2074"
},
{
"date": "2009-07-11T03:56:00",
"db": "BID",
"id": "1814"
},
{
"date": "2022-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199701-007"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-1999-0253"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "2074"
},
{
"db": "BID",
"id": "1814"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Internet Information Services Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199701-007"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199701-007"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.