Vulnerability Name:

CCN-2185

Published:1999-05-07
Updated:1999-05-07
Summary:Microsoft Site Server and Internet Information Server include tools that could allow Web site visitors to view selected files on the server. These are installed by default under Site Server, but must be explicitly installed under IIS. These tools are provided to allow users to view the source code of sample files as a learning exercise, and are not intended to be deployed on production Web servers. The problem with this vulnerability is that the tools do not restrict which files a Web site visitor can view.
CVSS v3 Severity:
CVSS v2 Severity:
Vulnerability Consequences:File Manipulation
References:Source: CCN
Type: Microsoft Security Bulletin MS99-013
Solution Available for File Viewers Vulnerability

Source: CCN
Type: @stake, Inc./L0pht Security Advisory 05/07/99
Microsoft IIS 4.0 Web Server

Source: CCN
Type: WebTrends Press Release
New Microsoft Site Server & IIS Security Vulnerabilities

Source: XF
Type: UNKNOWN
iis-samples(2185)

Source: CCN
Type: Microsoft Knowledge Base Article 231368
Solution Available for File Viewers Vulnerability

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:microsoft:site_server:-:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_information_services:4.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    microsoft site server -
    microsoft internet information server 4.0
    microsoft windows nt 4.0
    microsoft windows 2000 *