CVE-1999-1375
CVSS5.0
发布时间 :1999-02-11 00:00:00
修订时间 :2016-10-17 22:03:44
NMCOES    

[原文]FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter.


[CNNVD]NT使用ASP及FSO读取服务器文件漏洞(CNNVD-199902-023)

        showfile.asp Active Server Page (ASP)中的FileSystemObject (FSO)存在漏洞。远程攻击者通过制定文件参数中的名称来读取任意文件。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:microsoft:internet_information_server:4.0Microsoft IIS 4.0
cpe:/a:microsoft:internet_information_server:3.0Microsoft IIS 3.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1375
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-1375
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-199902-023
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=ntbugtraq&m=91877455626320&w=2
(UNKNOWN)  NTBUGTRAQ  19990211 Using FSO in ASP to view just about anything
http://www.securityfocus.com/bid/230
(VENDOR_ADVISORY)  BID  230

- 漏洞信息

NT使用ASP及FSO读取服务器文件漏洞
中危 访问验证错误
1999-02-11 00:00:00 2005-10-20 00:00:00
远程※本地  
        showfile.asp Active Server Page (ASP)中的FileSystemObject (FSO)存在漏洞。远程攻击者通过制定文件参数中的名称来读取任意文件。

- 公告与补丁

        Joel Maslak suggests Applying appropriate NTFS permissions to limit the access to given to the IUSR_machinename account. For multiple virtual web servers, run each virtual server under a different user account.
        Russ Cooper recommends disabling the "Allow Parent Paths" option via Internet Services Manager.

- 漏洞信息 (19194)

Microsoft IIS 3.0/4.0 Using ASP And FSO To Read Server Files Vulnerability (EDBID:19194)
multiple remote
1999-02-11 Verified
0 Gary Geisbert
N/A [点击下载]
source: http://www.securityfocus.com/bid/230/info


The File System Object (FSO) may be called from an Active Server Page (ASP) to display files that exist outside of the web server's root directory. FSO allows calls to be made utilizing "../" to exit the local directory path.

An example of this syntax would be: http://www.server.foo/showfile.asp?file=../../global.asa

This vulnerability could be used to view the source code of ASP files or stream data into other ASP files on the web server.

<%
' grab the file from the URL
FileName = Request.QueryString("file")

' create the filesystemobject and open the file
Set fso = CreateObject("Scripting.FileSystemObject")
Set ts = fso.OpenTextFile(Server.MapPath(FileName))

' read the contents
ShowTheFreakinThing = ts.ReadAll

' display them
Response.Write ShowTheFreakinThing

' EOF
%> 
		

- 漏洞信息

13507
Microsoft IIS showfile.asp FileSystemObject Arbitrary File Access
Remote / Network Access Information Disclosure
Loss of Confidentiality
Exploit Public

- 漏洞描述

Unknown or Incomplete

- 时间线

1999-02-11 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

NT Using ASP And FSO To Read Server Files Vulnerability
Access Validation Error 230
Yes Yes
1999-02-11 12:00:00 2009-07-11 12:16:00
This vulnerability was posted to NTBugtraq by Gary Geisbert <gary@NEWSLETTERS.COM>.

- 受影响的程序版本

Microsoft IIS 4.0
+ Cisco Building Broadband Service Manager (BBSM) 5.0
+ Cisco Building Broadband Service Manager (BBSM) 5.0
+ Cisco Call Manager 3.0
+ Cisco Call Manager 3.0
+ Cisco Call Manager 2.0
+ Cisco Call Manager 2.0
+ Cisco Call Manager 1.0
+ Cisco Call Manager 1.0
+ Cisco ICS 7750
+ Cisco ICS 7750
+ Cisco IP/VC 3540 Video Rate Matching Module
+ Cisco IP/VC 3540 Video Rate Matching Module
+ Cisco Unity Server 2.4
+ Cisco Unity Server 2.4
+ Cisco Unity Server 2.3
+ Cisco Unity Server 2.3
+ Cisco Unity Server 2.2
+ Cisco Unity Server 2.2
+ Cisco Unity Server 2.0
+ Cisco Unity Server 2.0
+ Cisco uOne 4.0
+ Cisco uOne 4.0
+ Cisco uOne 3.0
+ Cisco uOne 3.0
+ Cisco uOne 2.0
+ Cisco uOne 2.0
+ Cisco uOne 1.0
+ Cisco uOne 1.0
+ Hancom Hancom Office 2007 0
+ Hancom Hancom Office 2007 0
+ Microsoft BackOffice 4.5
+ Microsoft BackOffice 4.5
+ Microsoft Windows NT 4.0 Option Pack
+ Microsoft Windows NT 4.0 Option Pack
Microsoft IIS 3.0
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0

- 漏洞讨论

The File System Object (FSO) may be called from an Active Server Page (ASP) to display files that exist outside of the web server's root directory. FSO allows calls to be made utilizing "../" to exit the local directory path.

An example of this syntax would be: http://www.server.foo/showfile.asp?file=../../global.asa

This vulnerability could be used to view the source code of ASP files or stream data into other ASP files on the web server.

- 漏洞利用

&lt;%
' grab the file from the URL
FileName = Request.QueryString("file")

' create the filesystemobject and open the file
Set fso = CreateObject("Scripting.FileSystemObject")
Set ts = fso.OpenTextFile(Server.MapPath(FileName))

' read the contents
ShowTheFreakinThing = ts.ReadAll

' display them
Response.Write ShowTheFreakinThing

' EOF
%&gt;

- 解决方案

Joel Maslak <jmaslak@WIND-RIVER.COM> suggests Applying appropriate NTFS permissions to limit the access to given to the IUSR_machinename account. For multiple virtual web servers, run each virtual server under a different user account.

Russ Cooper <Russ.Cooper@RC.ON.CA> recommends disabling the "Allow Parent Paths" option via Internet Services Manager.

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站