Vulnerabilities > CVE-1999-0278 - Unspecified vulnerability in Microsoft Internet Information Server and Windows NT
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 | |
OS | 1 |
Exploit-Db
description | Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability. CVE-1999-0278. Remote exploits for multiple platform |
id | EDB-ID:19118 |
last seen | 2016-02-02 |
modified | 1998-01-01 |
published | 1998-01-01 |
reporter | Paul Ashton |
source | https://www.exploit-db.com/download/19118/ |
title | Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability |
Nessus
NASL family | Web Servers |
NASL id | ASP_SOURCE_DATA.NASL |
description | It is possible to get the source code of a remote ASP script by appending |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 10362 |
published | 2000-04-10 |
reporter | This script is Copyright (C) 2000-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/10362 |
title | Microsoft IIS ASP::$DATA ASP Source Disclosure |
code |
|
Oval
accepted | 2011-05-16T04:03:36.138-04:00 | ||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||
contributors |
| ||||||||||||||||||||
description | In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL. | ||||||||||||||||||||
family | windows | ||||||||||||||||||||
id | oval:org.mitre.oval:def:913 | ||||||||||||||||||||
status | accepted | ||||||||||||||||||||
submitted | 2004-05-04T12:00:00.000-04:00 | ||||||||||||||||||||
title | IIS ASP Source Code Access Vulnerability | ||||||||||||||||||||
version | 33 |