VAR-200106-0115
Vulnerability from variot - Updated: 2025-04-03 19:33Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice. When IIS receives a CGI filename request, it automatically performs two actions before completing the request: 1. IIS decodes the filename to determine the filetype and the legitimacy of the file. IIS then carries out a security check. 2. When the security check is completed, IIS decodes CGI parameters. A flaw in IIS involves a third undocumented action: Typically, IIS decodes only the CGI parameter at this point, yet the previously decoded CGI filename is mistakenly decoded twice. If a malformed filename is submitted and circumvents the initial security check, the undocumented procedure will decode the malformed request, possibly allowing the execution of arbitrary commands. Note that arbitrary commands will be run with the IUSR_machinename account privileges. Reportedly, various encoding combinations under Windows 2000 Server and Professional may yield different outcomes. Personal Web Server 1.0 and 3.0 are reported vulnerable to this issue. The worm Nimda(and variants) actively exploit this vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200106-0115",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "internet information server",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "internet information server",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "internet information server",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "windows nt sp6a",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "personal web server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "personal web server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#789543"
},
{
"db": "BID",
"id": "2708"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000070"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-190"
},
{
"db": "NVD",
"id": "CVE-2001-0333"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:iis",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2001-000070"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nsfocus Security Team\u203b security@nsfocus.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200106-190"
}
],
"trust": 0.6
},
"cve": "CVE-2001-0333",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2001-0333",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2001-0333",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#789543",
"trust": 0.8,
"value": "79.31"
},
{
"author": "NVD",
"id": "CVE-2001-0333",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200106-190",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#789543"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000070"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-190"
},
{
"db": "NVD",
"id": "CVE-2001-0333"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and \"\\\" characters twice. \nWhen IIS receives a CGI filename request, it automatically performs two actions before completing the request:\n1. IIS decodes the filename to determine the filetype and the legitimacy of the file. IIS then carries out a security check. \n2. When the security check is completed, IIS decodes CGI parameters. \nA flaw in IIS involves a third undocumented action: Typically, IIS decodes only the CGI parameter at this point, yet the previously decoded CGI filename is mistakenly decoded twice. If a malformed filename is submitted and circumvents the initial security check, the undocumented procedure will decode the malformed request, possibly allowing the execution of arbitrary commands. \nNote that arbitrary commands will be run with the IUSR_machinename account privileges. Reportedly, various encoding combinations under Windows 2000 Server and Professional may yield different outcomes. \nPersonal Web Server 1.0 and 3.0 are reported vulnerable to this issue. \nThe worm Nimda(and variants) actively exploit this vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0333"
},
{
"db": "CERT/CC",
"id": "VU#789543"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000070"
},
{
"db": "BID",
"id": "2708"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "2708",
"trust": 3.5
},
{
"db": "NVD",
"id": "CVE-2001-0333",
"trust": 2.7
},
{
"db": "CERT/CC",
"id": "VU#789543",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000070",
"trust": 0.8
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:1051",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:1018",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:78",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:37",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20010515 NSFOCUS SA2001-02 : MICROSOFT IIS CGI FILENAME DECODE ERROR VULNERABILITY",
"trust": 0.6
},
{
"db": "XF",
"id": "6534",
"trust": 0.6
},
{
"db": "MS",
"id": "MS01-026",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "CA-2001-12",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200106-190",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#789543"
},
{
"db": "BID",
"id": "2708"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000070"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-190"
},
{
"db": "NVD",
"id": "CVE-2001-0333"
}
]
},
"id": "VAR-200106-0115",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2025-04-03T19:33:59.335000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MS01-026",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/MS01-026.mspx"
},
{
"title": "MS01-026",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/bulletin/MS01-026.mspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2001-000070"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0333"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://www.securityfocus.com/bid/2708"
},
{
"trust": 2.4,
"url": "http://www.cert.org/advisories/ca-2001-12.html"
},
{
"trust": 1.4,
"url": "http://www.microsoft.com/technet/security/bulletin/ms01-026.asp"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a37"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1051"
},
{
"trust": 1.0,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-026"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=98992056521300\u0026w=2"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6534"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1018"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a78"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/downloads/release.asp?releaseid=29787"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/downloads/release.asp?releaseid=29764"
},
{
"trust": 0.8,
"url": "http://www.nsfocus.com/english/homepage/sa01-02.htm"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/mbrsrvcl.asp"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/iis5chk.asp"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/iischk.asp"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2001-0333"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2001-0333"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=98992056521300\u0026w=2"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/static/6534.php"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:78"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:37"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:1051"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:1018"
},
{
"trust": 0.3,
"url": "http://support.coresecurity.com/impact/exploits/b34560acdc1826f7026001ef789b6382.html"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms01-026.asp"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/security/bulletin/ms02-026.asp"
},
{
"trust": 0.3,
"url": "http://www.unsekure.com.br/labs/jmscan-1.1.tar.gz"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#789543"
},
{
"db": "BID",
"id": "2708"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000070"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-190"
},
{
"db": "NVD",
"id": "CVE-2001-0333"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#789543"
},
{
"db": "BID",
"id": "2708"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000070"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-190"
},
{
"db": "NVD",
"id": "CVE-2001-0333"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-05-15T00:00:00",
"db": "CERT/CC",
"id": "VU#789543"
},
{
"date": "2001-05-15T00:00:00",
"db": "BID",
"id": "2708"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2001-000070"
},
{
"date": "2001-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200106-190"
},
{
"date": "2001-06-27T04:00:00",
"db": "NVD",
"id": "CVE-2001-0333"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-09-18T00:00:00",
"db": "CERT/CC",
"id": "VU#789543"
},
{
"date": "2007-01-29T20:18:00",
"db": "BID",
"id": "2708"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2001-000070"
},
{
"date": "2005-10-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200106-190"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2001-0333"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200106-190"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IIS decodes filenames superfluously after applying security checks",
"sources": [
{
"db": "CERT/CC",
"id": "VU#789543"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "2708"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-190"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…