Vulnerability Name:

CVE-1999-1418 (CCN-8229)

Assigned:1999-05-01
Published:1999-05-01
Updated:2008-09-05
Summary:ICQ99 ICQ web server build 1701 with "Active Homepage" enabled generates allows remote attackers to determine the existence of files on the server by comparing server responses when a file exists ("404 Forbidden") versus when a file does not exist ("404 not found").
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: CCN
Type: BugTraq Mailing List, Sat, 1 May 1999 13:58:41 +0200
Update: security hole in the ICQ-Webserver

Source: CCN
Type: BugTraq Mailing List, Thu, 13 May 1999 02:54:01 -0700
ICQ99 #1800 Now Available

Source: MITRE
Type: CNA
CVE-1999-1418

Source: CCN
Type: ICQ Web site
ICQ.com - Download ICQ

Source: CCN
Type: OSVDB ID: 6334
ICQ99 ICQ Web Server Active Homepage File Existence Disclosure

Source: BUGTRAQ
Type: Patch, Vendor Advisory
19990501 Update: security hole in the ICQ-Webserver

Source: BID
Type: UNKNOWN
246

Source: CCN
Type: BID-246
ICQ 99a File Existence Information Leakage Vulnerability

Source: XF
Type: UNKNOWN
icq-webserver-gain-information(8229)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mirabilis:icq_web_front:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    mirabilis icq web front *