VAR-199905-0028
Vulnerability from variot - Updated: 2025-04-03 22:14The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. Microsoft IIS of showcode.asp Passed source There is a vulnerability that allows arbitrary files to be viewed by specifying a relative path in the parameter.ASP You may get important information about the source code and system. IIS 4.0 installs a number of sample ASP scripts including one called "showcode.asp". This script allows clients to view the source of other sample scripts via a browser. The "showcode.asp" script does not perform sufficent checks and allows files outside the sample directory to be requested. In particular, it does not check for ".." in the path of the requested file. The script takes one parameter, "source", which is the file to view. The script's default location URL is: http://www.sitename.com/msadc/Samples/SELECTOR/showcode.asp Similar vulnerabilities have been noted in ViewCode.asp, CodeBrws.asp and Winmsdp.exe
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-199905-0028",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "internet information server",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "site server commerce edition sp2 i386",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "site server commerce edition sp2 alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "site server commerce edition sp1 i386",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "site server commerce edition sp1 alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "site server commerce edition i386",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "site server commerce edition alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "site server sp2 i386",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "site server sp2 alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "site server sp1 i386",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "site server sp1 alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "site server i386",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "site server alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "iis alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "site server commerce edition sp4 i386",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "site server commerce edition sp4 alpha",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "site server commerce edition sp3 i386",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "site server commerce edition sp3 alpha",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "site server sp4 i386",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "site server sp4 alpha",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "site server sp3 i386",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "site server sp3 alpha",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.0"
}
],
"sources": [
{
"db": "BID",
"id": "167"
},
{
"db": "JVNDB",
"id": "JVNDB-1999-000009"
},
{
"db": "CNNVD",
"id": "CNNVD-199905-018"
},
{
"db": "NVD",
"id": "CVE-1999-0736"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:iis",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-1999-000009"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Parcens",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199905-018"
}
],
"trust": 0.6
},
"cve": "CVE-1999-0736",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-1999-0736",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-1999-0736",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-1999-0736",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-199905-018",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-1999-000009"
},
{
"db": "CNNVD",
"id": "CNNVD-199905-018"
},
{
"db": "NVD",
"id": "CVE-1999-0736"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. Microsoft IIS of showcode.asp Passed source There is a vulnerability that allows arbitrary files to be viewed by specifying a relative path in the parameter.ASP You may get important information about the source code and system. \nIIS 4.0 installs a number of sample ASP scripts including one called \"showcode.asp\". This script allows clients to view the source of other sample scripts via a browser. The \"showcode.asp\" script does not perform sufficent checks and allows files outside the sample directory to be requested. In particular, it does not check for \"..\" in the path of the requested file. \nThe script takes one parameter, \"source\", which is the file to view. The script\u0027s default location URL is:\nhttp://www.sitename.com/msadc/Samples/SELECTOR/showcode.asp\nSimilar vulnerabilities have been noted in ViewCode.asp, CodeBrws.asp and Winmsdp.exe",
"sources": [
{
"db": "NVD",
"id": "CVE-1999-0736"
},
{
"db": "JVNDB",
"id": "JVNDB-1999-000009"
},
{
"db": "BID",
"id": "167"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-1999-0736",
"trust": 2.7
},
{
"db": "BID",
"id": "167",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-1999-000009",
"trust": 0.8
},
{
"db": "MS",
"id": "MS99-013",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:932",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "3400",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-199905-018",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "167"
},
{
"db": "JVNDB",
"id": "JVNDB-1999-000009"
},
{
"db": "CNNVD",
"id": "CNNVD-199905-018"
},
{
"db": "NVD",
"id": "CVE-1999-0736"
}
]
},
"id": "VAR-199905-0028",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2025-04-03T22:14:23.826000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MS99-013",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/MS99-013.mspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-1999-000009"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-1999-0736"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-013"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a932"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-1999-0736"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-1999-0736"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/167"
},
{
"trust": 0.6,
"url": "http://www.microsoft.com/technet/security/bulletin/ms99-013.asp"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:932"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/3400"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/support/kb/articles/q231/3/68.asp"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/support/kb/articles/q231/6/56.asp"
},
{
"trust": 0.3,
"url": "http://www.ntsecurity.net/scripts/loader.asp?id=/security/siteserver-1.htm"
}
],
"sources": [
{
"db": "BID",
"id": "167"
},
{
"db": "JVNDB",
"id": "JVNDB-1999-000009"
},
{
"db": "CNNVD",
"id": "CNNVD-199905-018"
},
{
"db": "NVD",
"id": "CVE-1999-0736"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "167"
},
{
"db": "JVNDB",
"id": "JVNDB-1999-000009"
},
{
"db": "CNNVD",
"id": "CNNVD-199905-018"
},
{
"db": "NVD",
"id": "CVE-1999-0736"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "1999-05-07T00:00:00",
"db": "BID",
"id": "167"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-1999-000009"
},
{
"date": "1999-05-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199905-018"
},
{
"date": "1999-05-07T04:00:00",
"db": "NVD",
"id": "CVE-1999-0736"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-07-11T00:16:00",
"db": "BID",
"id": "167"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-1999-000009"
},
{
"date": "2012-05-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199905-018"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-1999-0736"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199905-018"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft IIS of showcode.asp Vulnerability to view arbitrary files in files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-1999-000009"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199905-018"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…