Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2000-0778 | First vendor Publication | 2000-10-20 |
| Vendor | Cve | Last vendor Modification | 2023-11-07 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0778 |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:927 | |||
| Oval ID: | oval:org.mitre.oval:def:927 | ||
| Title: | IIS5.0 Specialized Header Vulnerability | ||
| Description: | IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2000-0778 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Information Server (IIS) |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-03-15 | Name : Microsoft MS00-058 security check File : nvt/remote-MS00-058.nasl |
| 2005-11-03 | Name : ASP/ASA source using Microsoft Translate f: bug File : nvt/translate_f.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 390 | Microsoft IIS Translate f: Request ASP Source Disclosure Microsoft IIS contains a flaw that may allow a remote attacker to view the source code of ASP/ASA scripts. The issue is due to the server not properly handling the "Translate: f" header, used by WebDAV and FrontPage2000. With a specially crafted header, an attacker can force the server to display script source code instead of processing the script normally. This may reveal sensitive information such as internal IP addresses, account names or passwords. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | view source via translate header RuleID : 1042-community - Revision : 26 - Type : SERVER-IIS |
| 2014-01-10 | view source via translate header RuleID : 1042 - Revision : 25 - Type : SERVER-IIS |
| 2014-01-10 | global.asa access RuleID : 1016-community - Revision : 26 - Type : SERVER-IIS |
| 2014-01-10 | global.asa access RuleID : 1016 - Revision : 26 - Type : SERVER-IIS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2005-09-08 | Name : The remote host has an application that is affected by a source code disclosu... File : translate_f_51.nasl - Type : ACT_GATHER_INFO |
| 2003-03-23 | Name : The remote web server is affected by an information disclosure flaw. File : iis_unc_mapped_virt_host_vuln.nasl - Type : ACT_GATHER_INFO |
| 2000-08-23 | Name : The remote web server is affected by an information disclosure flaw. File : translate_f.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2023-11-07 21:48:12 |
|
| 2021-05-04 12:01:11 |
|
| 2021-04-22 01:01:24 |
|
| 2020-05-23 00:14:26 |
|
| 2018-10-31 00:19:40 |
|
| 2018-10-13 00:22:23 |
|
| 2017-10-10 09:23:16 |
|
| 2016-06-28 14:53:36 |
|
| 2014-02-17 10:23:13 |
|
| 2014-01-19 21:21:11 |
|
| 2013-08-03 13:19:02 |
|
| 2013-05-11 12:01:14 |
|
