Vulnerability 2282 - CERT Civis.Net

Vulnerability Name:

CCN-2282

Published:

1998-12-25

Updated:

1998-12-25

Summary:

In Microsoft Internet Information Server (IIS), a remote attacker could use the bdir.htr script to view the names of directories on the server. Though the attacker is limited to only viewing server directory information, this information could be useful to an attacker in performing further attacks.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Consequences:

Obtain Information

References:

Source: CCN
Type: Phrack Magazine, Volume 8, Issue 54, Article 08 of 12
NT Web Technology Vulnerabilities

Source: CCN
Type: BID-2280
Microsoft IIS 3.0/4.0 Upgrade BDIR.HTR Vulnerability

Source: XF
Type: UNKNOWN
iis-bdir(2282)

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:microsoft:internet_information_services:3.0:*:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_information_services:4.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK