CVE-1999-0450
CVSS7.5
发布时间 :1999-01-26 00:00:00
修订时间 :2009-06-24 00:00:00
NMCOES    

[原文]In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).


[CNNVD]NT IIS IISAPI扩展枚举根网络服务目录漏洞(CNNVD-199901-051)

        IIS中存在漏洞,攻击者利用该漏洞通过使用将借助Perl (perl.exe)解释的不存在的URL请求确定一个真正的路径。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:microsoft:internet_information_server:3.0Microsoft IIS 3.0
cpe:/a:microsoft:internet_information_server:2.0Microsoft IIS 2.0
cpe:/a:microsoft:internet_information_server:4.0Microsoft IIS 4.0
cpe:/a:microsoft:internet_information_server:5.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0450
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0450
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-199901-051
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/194
(UNKNOWN)  BID  194

- 漏洞信息

NT IIS IISAPI扩展枚举根网络服务目录漏洞
高危 配置错误
1999-01-26 00:00:00 2009-06-24 00:00:00
远程※本地  
        IIS中存在漏洞,攻击者利用该漏洞通过使用将借助Perl (perl.exe)解释的不存在的URL请求确定一个真正的路径。
        

- 公告与补丁

        In IIS4 and above, you can configure it to check for the existence of a file before it returns an error message.
        In IIS4:
        Preferences -> Home directory -> Application
        select "Check if file exists" for all IISAPI mappings registered
        Also, remove all unused mappings.

- 漏洞信息 (19152)

Microsoft IIS 5.0 IISAPI Extension Enumerate Root Web Server Directory Vulnerability (EDBID:19152)
windows remote
1999-01-26 Verified
0 Mnemonix
N/A [点击下载]
source: http://www.securityfocus.com/bid/194/info

A GET request that specifies a nonexistent file with an IISAPI-registered extension (ie .pl, .idq) will cause the IIS server to return an error message that includes the full path of the root web server directory.

This can happen if the file is referenced as the target of the GET or passed in a variable to a script that looks for the file.

Example:

CGI Error The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are: Can't open perl script "C:\InetPub\scripts\ bogus.pl": No such file or directory

		

- 漏洞信息

98
Microsoft IIS perl.exe HTTP Path Disclosure
Information Disclosure
Loss of Confidentiality Workaround
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

1999-01-22 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

NT IIS IISAPI Extension Enumerate Root Web Server Directory Vulnerability
Configuration Error 194
Yes Yes
1999-01-26 12:00:00 2009-07-11 12:16:00
This vulnerability was first posted to the NTBugtraq mailing list by David Litchfield (Mnemonix).

- 受影响的程序版本

Microsoft IIS 5.0
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
+ Microsoft Windows 2000 Advanced Server
+ Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
+ Microsoft Windows 2000 Professional
+ Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
+ Microsoft Windows 2000 Server
+ Microsoft Windows 2000 Server
Microsoft IIS 4.0
+ Cisco Building Broadband Service Manager (BBSM) 5.0
+ Cisco Building Broadband Service Manager (BBSM) 5.0
+ Cisco Call Manager 3.0
+ Cisco Call Manager 3.0
+ Cisco Call Manager 2.0
+ Cisco Call Manager 2.0
+ Cisco Call Manager 1.0
+ Cisco Call Manager 1.0
+ Cisco ICS 7750
+ Cisco ICS 7750
+ Cisco IP/VC 3540 Video Rate Matching Module
+ Cisco IP/VC 3540 Video Rate Matching Module
+ Cisco Unity Server 2.4
+ Cisco Unity Server 2.4
+ Cisco Unity Server 2.3
+ Cisco Unity Server 2.3
+ Cisco Unity Server 2.2
+ Cisco Unity Server 2.2
+ Cisco Unity Server 2.0
+ Cisco Unity Server 2.0
+ Cisco uOne 4.0
+ Cisco uOne 4.0
+ Cisco uOne 3.0
+ Cisco uOne 3.0
+ Cisco uOne 2.0
+ Cisco uOne 2.0
+ Cisco uOne 1.0
+ Cisco uOne 1.0
+ Hancom Hancom Office 2007 0
+ Hancom Hancom Office 2007 0
+ Microsoft BackOffice 4.5
+ Microsoft BackOffice 4.5
+ Microsoft Windows NT 4.0 Option Pack
+ Microsoft Windows NT 4.0 Option Pack
Microsoft IIS 3.0
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
Microsoft IIS 2.0
+ Microsoft Windows NT 4.0
+ Microsoft Windows NT 4.0

- 漏洞讨论

A GET request that specifies a nonexistent file with an IISAPI-registered extension (ie .pl, .idq) will cause the IIS server to return an error message that includes the full path of the root web server directory.

This can happen if the file is referenced as the target of the GET or passed in a variable to a script that looks for the file.

Example:

CGI Error The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are: Can't open perl script "C:\InetPub\scripts\ bogus.pl": No such file or directory

- 漏洞利用

see discussion

- 解决方案

In IIS4 and above, you can configure it to check for the existence of a file before it returns an error message.

In IIS4:
Preferences -> Home directory -> Application
select "Check if file exists" for all IISAPI mappings registered

Also, remove all unused mappings.

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站