Vulnerabilities > CVE-1999-0253 - Unspecified vulnerability in Microsoft products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

microsoft

nessus

NVD

Published: 1997-01-01

Updated: 2022-08-17

Summary

IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Internet Information Server 3.0 Microsoft Internet Information Services 1.0 Microsoft Internet Information Services 2.0	3

Nessus

NASL family	Web Servers
NASL id	ASP_SOURCE_DOT.NASL
description	It is possible to get the source code of a remote ASP script by appending
last seen	2020-06-01
modified	2020-06-02
plugin id	10363
published	2000-04-10
reporter	This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/10363
title	Microsoft IIS/PWS %2e Request ASP Source Disclosure

References

http://www.securityfocus.com/bid/1814