CVE-1999-0278 : Detail

CVE-1999-0278

90.53%V3
Network
1999-09-29
02h00 +00:00
2024-08-01
16h34 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.

CVE Informations

Metrics

Metrics Score Severity CVSS Vector Source
V2 5 AV:N/AC:L/Au:N/C:P/I:N/A:N nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Exploit information

Exploit Database EDB-ID : 19118

Publication date : 1997-12-31 23h00 +00:00
Author : Paul Ashton
EDB Verified : Yes

source: https://www.securityfocus.com/bid/149/info Microsoft IIS and other NT webservers contain a vulnerability that allows remote users to obtain the source code for an ASP file. When one appends ::$DATA to an asp being requested, the ASP source will be returned, instead of executing the ASP. For example: http://xyz/myasp.asp::$DATA will return the source of myasp.asp, instead of executing it. The following proof of concept was provided: http://xyz/myasp.asp::$DATA This will cause IIS to disclose the contents of the page, myasp.asp, to an attacker.

Products Mentioned

Configuraton 0

Microsoft>>Internet_information_server >> Version 3.0

Microsoft>>Internet_information_server >> Version 4.0

Configuraton 0

Microsoft>>Windows_nt >> Version 4.0

References