Executive Summary
| Informations | |||
|---|---|---|---|
| Name | MS00-006 | First vendor Publication | N/A |
| Vendor | Microsoft | Last vendor Modification | N/A |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Malformed Hit-Highlighting Argument Vulnerability |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
ExploitDB Exploits
| id | Description |
|---|---|
| 2000-02-02 | Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0 Directory Traversal |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-09 | Name : Microsoft MS00-06 security check File : nvt/remote-MS00-006.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 7608 | Microsoft Index Server Internet Data Query Path Disclosure Microsoft Index Server in Microsoft Windows contains a flaw that may lead to an unauthorized information disclosure. By providing a request to a non-existent Internet Data Query file, a remote attacker could reveal the physical path to the web directory that was contained in the request resulting in a loss of confidentiality. |
| 1210 | Microsoft IIS WebHits.dll ISAPI Filter Traversal Arbitrary File Access Microsoft IIS contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the webhits.dll library not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "CiWebHitsFile" variable. By supplying a crafted request to an htw script, it is possible to read arbitrary files on the system. |
| 271 | Microsoft IIS WebHits null.htw .asp Source Disclosure Microsoft IIS contains a flaw that allows a remote attacker to view the source of .asp files. The issue is due to IIS mapping all .htw files to be handled by Webhits.dll. By appending a space (%20) to the end of a filename or calling CiWebHitsFile as a variable, setting the "CiHiliteType" variable to "Full", and setting the "CiRestriction" variable to "None", the server will return the source of an .asp file. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | ASP contents view RuleID : 979-community - Revision : 22 - Type : SERVER-IIS |
| 2014-01-10 | ASP contents view RuleID : 979 - Revision : 22 - Type : SERVER-IIS |
| 2014-01-10 | ASP contents view RuleID : 978-community - Revision : 21 - Type : SERVER-IIS |
| 2014-01-10 | ASP contents view RuleID : 978 - Revision : 21 - Type : SERVER-IIS |
| 2014-01-10 | webhits.exe access RuleID : 1073-community - Revision : 15 - Type : SERVER-WEBAPP |
| 2014-01-10 | webhits.exe access RuleID : 1073 - Revision : 15 - Type : SERVER-WEBAPP |
| 2014-01-10 | webhits access RuleID : 1044-community - Revision : 17 - Type : SERVER-IIS |
| 2014-01-10 | webhits access RuleID : 1044 - Revision : 17 - Type : SERVER-IIS |
| 2014-01-10 | Internet Data Query prxdocs prxrch.idq directory traversal attempt RuleID : 10401 - Revision : 4 - Type : WEB-IIS |
| 2014-01-10 | Internet Data Query iissamples query.idq directory traversal attempt RuleID : 10400 - Revision : 4 - Type : WEB-IIS |
| 2014-01-10 | Internet Data Query iissamples fastq.idq directory traversal attempt RuleID : 10399 - Revision : 4 - Type : WEB-IIS |
| 2014-01-10 | Internet Data Query exair search.idq directory traversal attempt RuleID : 10398 - Revision : 4 - Type : WEB-IIS |
| 2014-01-10 | Internet Data Query exair query.idq directory traversal attempt RuleID : 10397 - Revision : 4 - Type : WEB-IIS |
| 2014-01-10 | Internet Data Query query.idq directory traversal attempt RuleID : 10396 - Revision : 4 - Type : WEB-IIS |
| 2014-01-10 | Malformed Hit-Highlighting Argument File Access Attempt RuleID : 1019-community - Revision : 30 - Type : SERVER-IIS |
| 2014-01-10 | Malformed Hit-Highlighting Argument File Access Attempt RuleID : 1019 - Revision : 30 - Type : SERVER-IIS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2003-03-12 | Name : The remote host is vulnerable to privilege escalation. File : smb_nt_ms02-001.nasl - Type : ACT_GATHER_INFO |
| 2002-04-11 | Name : The remote web server is affected by a denial of service vulnerability. File : iis_frontpage_dos.nasl - Type : ACT_DENIAL |
| 2000-08-24 | Name : The remote IIS web server is missing a security patch. File : iis_anything_idq.nasl - Type : ACT_GATHER_INFO |
| 2000-04-01 | Name : The remote web server is affected by an information disclosure vulnerability. File : ms_index_server.nasl - Type : ACT_GATHER_INFO |
| 2000-02-08 | Name : The remote Windows host is affected by an information disclosure vulnerability. File : idq_dll.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:44:20 |
|
| 2014-01-19 21:29:42 |
|
