| CVE-ID | ||
|---|---|---|
CVE-1999-0450 |
• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
|
|
| Description | ||
| In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe). | ||
| References | ||
| Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete. | ||
|
||
| Assigning CNA | ||
| MITRE Corporation | ||
| Date Record Created | ||
| 19990607 | Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE. | |
| Phase (Legacy) | ||
| Modified (20090622) | ||
| Votes (Legacy) | ||
| ACCEPT(2) Ozancin, Wall NOOP(2) Baker, Christey REJECT(2) Frech, LeBlanc |
||
| Comments (Legacy) | ||
Frech> Can't find in database. Christey> This looks like another discovery of CVE-2000-0071 LeBlanc> - I just tried to repro this based on the BUGTRAQ vuln information, and it does not repro - GET /bogus.pl HTTP/1.0 HTTP/1.1 404 Object Not Found Server: Microsoft-IIS/5.0 Date: Thu, 05 Oct 2000 21:04:20 GMT Content-Length: 3243 Content-Type: text/html No path is returned whatsoever. This may have been a problem on some version of IIS in the past, but the BUGTRAQ ID says all versions are vulnerable. Let's try and figure out what version had the problem, whether it is intrinsic to IIS or the result of adding a 3rd party implementation of perl, and when it got fixed, then we can try again. CHANGE> [Frech changed vote from REVIEWING to REJECT] Christey> Add "no-such-file.pl" as an example to the desc, to facilitate search (it's used by CGI scanners and in the original example) |
||
| Proposed (Legacy) | ||
| 19990726 | ||
| This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities. | ||
|
You can also search by reference using the CVE Reference Maps.
|
||
| For More Information: CVE Request Web Form (select "Other" from dropdown) | ||
