VAR-200106-0117
Vulnerability from variot - Updated: 2025-04-03 20:32FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters. A user attempting to authenticate using a valid login name appended with specially chosen characters, will not be required to specify the domain which the account belongs. Once the account is located, the user will have to complete the authentication process. At this point brute force attacks can be used in an attempt to gain access to the domain
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200106-0117",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "microsoft",
"version": null
},
{
"model": "iis",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "internet information server",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "4.0 4.0"
},
{
"model": "internet information server",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "windows server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "iis",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#137544"
},
{
"db": "CERT/CC",
"id": "VU#573155"
},
{
"db": "BID",
"id": "2847"
},
{
"db": "BID",
"id": "2719"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000069"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-152"
},
{
"db": "NVD",
"id": "CVE-2001-0335"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:iis",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2001-000069"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Posted in a Microsoft Security Bulletin MS01-026 on May 14, 2001.",
"sources": [
{
"db": "BID",
"id": "2719"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-152"
}
],
"trust": 0.9
},
"cve": "CVE-2001-0335",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2001-0335",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2001-0335",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#137544",
"trust": 0.8,
"value": "10.13"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#573155",
"trust": 0.8,
"value": "10.13"
},
{
"author": "NVD",
"id": "CVE-2001-0335",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200106-152",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#137544"
},
{
"db": "CERT/CC",
"id": "VU#573155"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000069"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-152"
},
{
"db": "NVD",
"id": "CVE-2001-0335"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters. \nA user attempting to authenticate using a valid login name appended with specially chosen characters, will not be required to specify the domain which the account belongs. Once the account is located, the user will have to complete the authentication process. At this point brute force attacks can be used in an attempt to gain access to the domain",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0335"
},
{
"db": "CERT/CC",
"id": "VU#137544"
},
{
"db": "CERT/CC",
"id": "VU#573155"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000069"
},
{
"db": "BID",
"id": "2847"
},
{
"db": "BID",
"id": "2719"
}
],
"trust": 3.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "2719",
"trust": 3.5
},
{
"db": "NVD",
"id": "CVE-2001-0335",
"trust": 2.4
},
{
"db": "CERT/CC",
"id": "VU#573155",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "VU#137544",
"trust": 1.6
},
{
"db": "BID",
"id": "2847",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000069",
"trust": 0.8
},
{
"db": "MS",
"id": "MS01-026",
"trust": 0.6
},
{
"db": "XF",
"id": "6545",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200106-152",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#137544"
},
{
"db": "CERT/CC",
"id": "VU#573155"
},
{
"db": "BID",
"id": "2847"
},
{
"db": "BID",
"id": "2719"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000069"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-152"
},
{
"db": "NVD",
"id": "CVE-2001-0335"
}
]
},
"id": "VAR-200106-0117",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2025-04-03T20:32:05.180000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MS01-026",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/MS01-026.mspx"
},
{
"title": "MS01-026",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/bulletin/MS01-026.mspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2001-000069"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0335"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://www.securityfocus.com/bid/2719"
},
{
"trust": 1.4,
"url": "http://www.microsoft.com/technet/security/bulletin/ms01-026.asp"
},
{
"trust": 1.1,
"url": "http://www.microsoft.com/technet/security/bulletin/ms01-031.asp"
},
{
"trust": 1.0,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-026"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6545"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/573155"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/137544"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/downloads/release.asp?releaseid=30508"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2847"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2001-0335"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2001-0335"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/static/6545.php"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/security/bulletin/ms02-026.asp"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#137544"
},
{
"db": "CERT/CC",
"id": "VU#573155"
},
{
"db": "BID",
"id": "2847"
},
{
"db": "BID",
"id": "2719"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000069"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-152"
},
{
"db": "NVD",
"id": "CVE-2001-0335"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#137544"
},
{
"db": "CERT/CC",
"id": "VU#573155"
},
{
"db": "BID",
"id": "2847"
},
{
"db": "BID",
"id": "2719"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000069"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-152"
},
{
"db": "NVD",
"id": "CVE-2001-0335"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-09-18T00:00:00",
"db": "CERT/CC",
"id": "VU#137544"
},
{
"date": "2001-09-18T00:00:00",
"db": "CERT/CC",
"id": "VU#573155"
},
{
"date": "2001-06-07T00:00:00",
"db": "BID",
"id": "2847"
},
{
"date": "2001-05-14T00:00:00",
"db": "BID",
"id": "2719"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2001-000069"
},
{
"date": "2001-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200106-152"
},
{
"date": "2001-06-27T04:00:00",
"db": "NVD",
"id": "CVE-2001-0335"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-09-18T00:00:00",
"db": "CERT/CC",
"id": "VU#137544"
},
{
"date": "2001-09-18T00:00:00",
"db": "CERT/CC",
"id": "VU#573155"
},
{
"date": "2001-06-07T00:00:00",
"db": "BID",
"id": "2847"
},
{
"date": "2001-05-14T00:00:00",
"db": "BID",
"id": "2719"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2001-000069"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200106-152"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2001-0335"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "2847"
},
{
"db": "BID",
"id": "2719"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft IIS FTP service searches all trusted domains for user accounts",
"sources": [
{
"db": "CERT/CC",
"id": "VU#137544"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "2847"
},
{
"db": "BID",
"id": "2719"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…