• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Denial of service in Windows NT IIS server using ..\..
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
  • MSKB:Q115052
Date Entry Created
19990607 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (19991228-02)
Votes (Legacy)
ACCEPT(2) Baker, Shostack
MODIFY(2) Frech, Wall
NOOP(1) Northcutt
REJECT(1) Christey
Comments (Legacy)
 Wall> Denial of service in Windows NT IIS Server 1.0 using ..\...
   Source: Microsoft Knowledge Base Article Q115052 - IIS Server.
 Frech> XF:http-dotdot (not necessarily IIS?)
 Christey> DELREF XF:http-dotdot - it deals with a read/access dot dot
 Christey> This actually looks like XF:iis-dot-dot-crash(1638)
   If so, include the version number (2.0)
 CHANGE> [Christey changed vote from REVOTE to REJECT]
 Christey> Bill Wall intended to suggest Q155052, but the affected
   IIS version there is 1.0; the effect is to read files,
   so this sounds like a directory traversal problem,
   instead of an inability to process certain strings.
   As a result, this candidate is too general, since it could
   apply to 2 different problems, so it should be REJECTed.
 Christey> Consider adding BID:2218

Proposed (Legacy)
This is an entry on the CVE list, which standardizes names for security problems.