CVE-2000-0413

The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2000-05/0084.html
http://www.securityfocus.com/bid/1174
http://archives.neohapsis.com/archives/bugtraq/2000-05/0084.html
http://www.securityfocus.com/bid/1174

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:frontpage::::::::
	cpe:2.3:a:microsoft:internet_information_server:4.0:::::::*
	cpe:2.3:a:microsoft:internet_information_services:5.0:::::::*

History

20 Nov 2024, 23:32

Type	Values Removed	Values Added
References	~~() http://archives.neohapsis.com/archives/bugtraq/2000-05/0084.html -~~	() http://archives.neohapsis.com/archives/bugtraq/2000-05/0084.html -
References	~~() http://www.securityfocus.com/bid/1174 -~~	() http://www.securityfocus.com/bid/1174 -

Information

Published : 2000-05-06 04:00

Updated : 2025-04-03 01:03

NVD link : CVE-2000-0413

Mitre link : CVE-2000-0413

CVE.ORG link : CVE-2000-0413

JSON object : View

Products Affected

microsoft

frontpage
internet_information_services
internet_information_server

CWE

NVD-CWE-Other

{"id": "CVE-2000-0413", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2000-05-06T04:00:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0084.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/1174", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0084.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/1174", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:frontpage:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0951E183-2BFE-4B19-9F06-107B5E22DBC5"}, {"criteria": "cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D47E9C4-5439-4A82-BBD8-D6B482B47E51"}, {"criteria": "cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "413C07EA-139F-4B7D-A58B-835BD2591FA0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

5.0 /10