VAR-200108-0065

Vulnerability from variot - Updated: 2025-04-03 22:39

ScreamingMedia SITEWare versions 2.5 through 3.1 allow a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet. In Microsoft IIS, when URL redirection is enabled, the Code Red worm can cause a denial-of-service (DoS) condition, and the Microsoft IIS service may be disrupted. Due to the improper handling of URL redirection in IIS 4.0, it is possible to cause a host to stop responding. This vulnerability is currently being exploited by the 'Code Red' worm. When the worm sends a request attempting to infect the target host, IIS 4.0 improperly handles the unusual length of the request and fails. A restart of the service is required in order to regain normal functionality. It should be noted that the 'Code Red' worm attempts to exploit a previously discovered vulnerability, BID 2880. Due to a flaw in SiteWare Editor's Desk, it is possible for a user to gain read access to known files residing on a SiteWare host. This is accomplished by crafting a URL containing double dot '../' sequences along with the relative path to a known file. Note that this description is aggregated from several source databases and covers two separate issues, the SITEWare directory traversal and the IIS 4.0 URL-redirection DoS; the affected-products list and the MS01-044 patch entries in the record below reflect the same mix, so check each source entry before deciding which product a given field applies to.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200108-0065",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iis",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": "siteware",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "screaming media",
        "version": "3.1"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "screamingmedia",
        "version": null
      },
      {
        "model": "siteware",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "screaming media",
        "version": "3.1"
      },
      {
        "model": "media siteware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "screaming",
        "version": "3.1"
      },
      {
        "model": "media siteware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "screaming",
        "version": "3.02"
      },
      {
        "model": "media siteware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "screaming",
        "version": "3.01"
      },
      {
        "model": "media siteware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "screaming",
        "version": "3.0"
      },
      {
        "model": "media siteware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "screaming",
        "version": "2.501"
      },
      {
        "model": "media siteware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "screaming",
        "version": "2.5"
      },
      {
        "model": "media siteware",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "screaming",
        "version": "3.1.1"
      },
      {
        "model": "media siteware",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "screaming",
        "version": "2.5.1"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#795707"
      },
      {
        "db": "BID",
        "id": "3191"
      },
      {
        "db": "BID",
        "id": "2869"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2001-000128"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200108-083"
      },
      {
        "db": "NVD",
        "id": "CVE-2001-0555"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:iis",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2001-000128"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Discovered by Mike Shema (mike.shema@foundstone.com) on June 11, 2001 and posted to Bugtraq on June 13, 2001.",
    "sources": [
      {
        "db": "BID",
        "id": "2869"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200108-083"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2001-0555",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2001-0555",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2001-0555",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#795707",
            "trust": 0.8,
            "value": "37.80"
          },
          {
            "author": "NVD",
            "id": "CVE-2001-0555",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200108-083",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#795707"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2001-000128"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200108-083"
      },
      {
        "db": "NVD",
        "id": "CVE-2001-0555"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a ..  (dot dot) attack through (1) the SITEWare Editor\u0027s Desktop or (2) the template parameter in SWEditServlet. Microsoft IIS Is URL If the redirect is valid, Code Red Service operation is affected by the worm (DoS) A condition may occur.Microsoft IIS Service disruption (DoS) It may be in a state. Due to the inproper handling of URL redirection in IIS 4.0, it is possible to cause a host to stop responding. \nThis vulnerability is currently being exploited by the \u0027Code Red\u0027 worm. Upon the worm sending a request attempting to infect the target host, IIS 4.0 will inproperly handle the unusal length of the request and fail. \nA restart of the service is required in order to gain normal functionality. \nIt should be noted that the \u0027Code Red\u0027 worm attempts to exploit a previously discovered vulnerability BID 2880. Due to a flaw in SiteWare Editor\u0027s Desk, it is possible for a user to gain read access of known files residing on a SiteWare host. This is accomplished by crafting a URL containing double dot \u0027../\u0027 sequences along with the relative path to a known file",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2001-0555"
      },
      {
        "db": "CERT/CC",
        "id": "VU#795707"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2001-000128"
      },
      {
        "db": "BID",
        "id": "3191"
      },
      {
        "db": "BID",
        "id": "2869"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "2869",
        "trust": 2.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#795707",
        "trust": 2.4
      },
      {
        "db": "NVD",
        "id": "CVE-2001-0555",
        "trust": 2.4
      },
      {
        "db": "OSVDB",
        "id": "13887",
        "trust": 1.6
      },
      {
        "db": "BID",
        "id": "3191",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2001-000128",
        "trust": 0.8
      },
      {
        "db": "BUGTRAQ",
        "id": "20010613 SCREAMINGMEDIA SITEWARE SOURCE CODE DISCLOSURE VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20010613 SCREAMINGMEDIA SITEWARE ARBITRARY FILE RETRIEVAL VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "6689",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200108-083",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#795707"
      },
      {
        "db": "BID",
        "id": "3191"
      },
      {
        "db": "BID",
        "id": "2869"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2001-000128"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200108-083"
      },
      {
        "db": "NVD",
        "id": "CVE-2001-0555"
      }
    ]
  },
  "id": "VAR-200108-0065",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 1.0
  },
  "last_update_date": "2025-04-03T22:39:10.744000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MS01-044",
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/MS01-044.mspx"
      },
      {
        "title": "MS01-044",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/technet/security/bulletin/MS01-044.mspx"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2001-000128"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2001-0555"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/2869"
      },
      {
        "trust": 1.9,
        "url": "http://www01.screamingmedia.com/en/security/sms1001.php"
      },
      {
        "trust": 1.6,
        "url": "http://www.kb.cert.org/vuls/id/795707"
      },
      {
        "trust": 1.6,
        "url": "http://www.osvdb.org/13887"
      },
      {
        "trust": 1.6,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0166.html"
      },
      {
        "trust": 1.6,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0165.html"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6689"
      },
      {
        "trust": 0.8,
        "url": "http://www.screamingmedia.com/security/sms1001.php"
      },
      {
        "trust": 0.8,
        "url": "http://www.foundstone.com/cgi-bin/display.cgi?content_id=326"
      },
      {
        "trust": 0.8,
        "url": "http://www01.screamingmedia.com/en/technology_services/syndication_connect/faq.php"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2001-0555"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2001-0555"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/3191"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/6689"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/security/topics/codealrt.asp"
      },
      {
        "trust": 0.3,
        "url": "http://www.cert.org/incident_notes/in-2001-10.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms01-033.asp"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms01-044.asp"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/technet/security"
      },
      {
        "trust": 0.3,
        "url": "http://www.securityfocus.com/vdb/bottom.html?vid=2880"
      },
      {
        "trust": 0.3,
        "url": "http://www.screamingmedia.com/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#795707"
      },
      {
        "db": "BID",
        "id": "3191"
      },
      {
        "db": "BID",
        "id": "2869"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2001-000128"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200108-083"
      },
      {
        "db": "NVD",
        "id": "CVE-2001-0555"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#795707"
      },
      {
        "db": "BID",
        "id": "3191"
      },
      {
        "db": "BID",
        "id": "2869"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2001-000128"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200108-083"
      },
      {
        "db": "NVD",
        "id": "CVE-2001-0555"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2001-06-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#795707"
      },
      {
        "date": "2001-08-16T00:00:00",
        "db": "BID",
        "id": "3191"
      },
      {
        "date": "2001-06-11T00:00:00",
        "db": "BID",
        "id": "2869"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2001-000128"
      },
      {
        "date": "2001-08-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200108-083"
      },
      {
        "date": "2001-08-14T04:00:00",
        "db": "NVD",
        "id": "CVE-2001-0555"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2002-12-16T00:00:00",
        "db": "CERT/CC",
        "id": "VU#795707"
      },
      {
        "date": "2001-08-16T00:00:00",
        "db": "BID",
        "id": "3191"
      },
      {
        "date": "2001-06-11T00:00:00",
        "db": "BID",
        "id": "2869"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2001-000128"
      },
      {
        "date": "2005-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200108-083"
      },
      {
        "date": "2025-04-03T01:03:51.193000",
        "db": "NVD",
        "id": "CVE-2001-0555"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "3191"
      },
      {
        "db": "BID",
        "id": "2869"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ScreamingMedia SITEware does not adequately validate user input thereby allowing arbitrary file disclosure via directory traversal",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#795707"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200108-083"
      }
    ],
    "trust": 0.6
  }
}

