Vulnerability CVE-2001-0089

Vulnerability Name:

CVE-2001-0089 (CCN-5615)

Assigned:

2000-12-01

Published:

2000-12-01

Updated:

2021-07-23

Summary:

Internet Explorer 5.0 through 5.5 allows remote attackers to read arbitrary files from the client via the INPUT TYPE element in an HTML form, aka the "File Upload via Form" vulnerability.

CVSS v3 Severity:

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

File Manipulation

References:

Source: MITRE
Type: CNA
CVE-2001-0089

Source: CCN
Type: Microsoft Security Bulletin MS00-093
Patch Available for "Browser Print Template" and "File Upload via Form" Vulnerabilities

Source: CCN
Type: Microsoft Security Bulletin MS01-015
IE can Divulge Location of Cached Content

Source: CCN
Type: Microsoft Security Bulletin MS01-027
Flaws in Web Server Certificate Validation Could Enable Spoofing

Source: CCN
Type: OSVDB ID: 7822
Microsoft IE HTML Form Input Element Arbitrary File Access

Source: CCN
Type: BID-2045
Microsoft Internet Explorer INPUT TYPE=FILE Vulnerability

Source: MS
Type: UNKNOWN
MS00-093

Source: XF
Type: UNKNOWN
ie-form-file-upload(5615)

Source: XF
Type: UNKNOWN
ie-form-file-upload(5615)

Vulnerable Configuration:

Configuration 1:

cpe:/a:microsoft:internet_explorer:*:*:*:*:*:*:*:* (Version <= 5.5)

OR cpe:/a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.5:-:*:*:*:*:*:*

Denotes that component is vulnerable

BACK