Vulnerability Name:

CVE-2001-0004 (CCN-5903)

Assigned:2001-01-08
Published:2001-01-08
Updated:2018-10-30
Summary:IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2001-0004

Source: BUGTRAQ
Type: UNKNOWN
20010108 IIS 5.0 allows viewing files using %3F+.htr

Source: CCN
Type: CIAC Information Bulletin K-041
Denial of Service and File Reading Vulnerabilities in Microsoft IIS

Source: CCN
Type: Georgi Guninski Security Advisory #33
IIS 5.0 allows viewing files using %3F+.htr

Source: CCN
Type: US-CERT VU#264272
Microsoft Internet Information Server (IIS) discloses contents of files via crafted request containing %3F+.htr

Source: CCN
Type: Microsoft Security Bulletin MS01-004 FAQ
Microsoft Security Bulletin (MS01-004): Frequently Asked Questions

Source: CCN
Type: Microsoft Security Bulletin MS00-031
Patch Available for 'Undelimited .HTR Request' and 'File Fragment Reading via .HTR' Vulnerabilities

Source: CCN
Type: Microsoft Security Bulletin MS00-044
Patch Available for 'Absent Directory Browser Argument' Vulnerability

Source: CCN
Type: Microsoft Security Bulletin MS01-004
Patch Available for New Variant of 'File Fragment Reading via .HTR' Vulnerability

Source: CCN
Type: Microsoft Security Bulletin MS01-041
Malformed RPC Request Can Cause Service Failure

Source: CCN
Type: Microsoft Security Bulletin MS02-001
Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data

Source: CCN
Type: Microsoft Security Bulletin MS02-018
Cumulative Patch for Internet Information Services (Q319733)

Source: CCN
Type: Microsoft Security Bulletin MS02-062
Cumulative Patch for Internet Information Service (Q327696)

Source: CCN
Type: Microsoft Security Bulletin MS03-018
Cumulative Patch for Internet Information Service (811114)

Source: CCN
Type: OSVDB ID: 1750
Microsoft IIS File Fragment Disclosure

Source: BID
Type: UNKNOWN
2313

Source: CCN
Type: BID-2313
Microsoft IIS File Fragment Disclosure Vulnerability

Source: MS
Type: UNKNOWN
MS01-004

Source: XF
Type: UNKNOWN
iis-read-files(5903)

Source: XF
Type: UNKNOWN
iis-read-files(5903)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:internet_information_services:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:internet_information_services:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_information_server:5.0:*:*:*:far_east:*:*:*

    • * Denotes that component is vulnerable
    BACK
    microsoft internet information server 4.0
    microsoft internet information services 5.0
    microsoft internet information server 4.0
    microsoft internet information server 5.0