Vulnerabilities > CVE-2000-0778 - Unspecified vulnerability in Microsoft Internet Information Services 5.0
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description Microsoft IIS 5.0 "Translate: f" Source Disclosure Vulnerability (1). CVE-2000-0778. Remote exploit for windows platform id EDB-ID:20151 last seen 2016-02-02 modified 2000-08-14 published 2000-08-14 reporter smiler source https://www.exploit-db.com/download/20151/ title Microsoft IIS 5.0 - "Translate: f" Source Disclosure Vulnerability 1 description Microsoft IIS 5.0 "Translate: f" Source Disclosure Vulnerability (2). CVE-2000-0778. Remote exploit for windows platform id EDB-ID:20152 last seen 2016-02-02 modified 2000-08-14 published 2000-08-14 reporter Roelof Temmingh source https://www.exploit-db.com/download/20152/ title Microsoft IIS 5.0 - "Translate: f" Source Disclosure Vulnerability 2
Nessus
NASL family CGI abuses NASL id TRANSLATE_F.NASL description There is a serious vulnerability in Windows 2000 (unpatched by SP1) that allows an attacker to view ASP/ASA source code instead of a processed file. SP source code can contain sensitive information such as usernames and passwords for ODBC connections. last seen 2020-06-01 modified 2020-06-02 plugin id 10491 published 2000-08-23 reporter This script is Copyright (C) 2000-2018 Alexander Strouk source https://www.tenable.com/plugins/nessus/10491 title Microsoft IIS Translate f: ASP/ASA Source Disclosure code # # This script was written by Alexander Strouk # # See the Nessus Scripts License for details # include("compat.inc"); if(description) { script_id(10491); script_version ("1.37"); script_cve_id("CVE-2000-0778"); script_bugtraq_id(1578); script_name(english:"Microsoft IIS Translate f: ASP/ASA Source Disclosure"); script_set_attribute(attribute:"synopsis", value: "The remote web server is affected by an information disclosure flaw." ); script_set_attribute(attribute:"description", value: "There is a serious vulnerability in Windows 2000 (unpatched by SP1) that allows an attacker to view ASP/ASA source code instead of a processed file. SP source code can contain sensitive information such as usernames and passwords for ODBC connections." ); script_set_attribute(attribute:"see_also", value: "https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2000/ms00-058" ); script_set_attribute(attribute:"solution", value: "Install Windows 2000 Service Pack 1 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_publication_date", value: "2000/08/23"); script_set_attribute(attribute:"patch_publication_date", value: "2000/08/14"); script_set_attribute(attribute:"vuln_publication_date", value: "2000/08/15"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_summary(english:"downloads the source of IIS scripts such as ASA,ASP"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2000-2020 Alexander Strouk"); script_family(english:"CGI abuses"); script_dependencie("find_service1.nasl", "no404.nasl", "http_version.nasl", "www_fingerprinting_hmap.nasl"); script_require_ports("Services/www", 80); exit(0); } # # The script code starts here # include("http_func.inc"); include("http_keepalive.inc"); port = get_http_port(default:80, embedded:TRUE); if (! port || get_kb_item("Services/www/" + port + "/embedded") ) exit(0); sig = get_kb_item("www/hmap/" + port + "/description"); if ( ! sig ) sig = get_http_banner(port:port); if ( sig && "IIS" >!< sig ) exit(0); if(!get_port_state(port)) exit(0); req = string("GET /global.asa HTTP/1.0\r\n\r\n"); r = http_keepalive_send_recv(port:port, data:req); if ( r !~ "HTTP/[0-9.]+ 500 " ) exit(0); req = string("GET /global.asa\\ HTTP/1.0\r\nTranslate: f\r\n\r\n"); r = http_keepalive_send_recv(port:port, data:req); if ( r =~ "HTTP/[0-9.]+ 404" ) { req = string("GET /global.asa HTTP/1.0\r\nTranslate: f\r\n\r\n"); r = http_keepalive_send_recv(data:req, port:port); if ( r =~ "HTTP/[0-9.]+ 403 " ) { security_warning(port); set_kb_item(name:"Services/www/ms00-058", value:"missing"); } else set_kb_item(name:"Services/www/ms00-058", value:"installed"); }
NASL family CGI abuses NASL id TRANSLATE_F_51.NASL description There is a serious vulnerability in IIS 5.1 that allows an attacker to view ASP/ASA source code instead of a processed file, when the files are stored on a FAT partition. ASP source code can contain sensitive information such as username last seen 2020-06-01 modified 2020-06-02 plugin id 19596 published 2005-09-08 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19596 title Microsoft IIS Translate f: ASP/ASA Source Disclosure (IIS 5.1)
Oval
accepted | 2011-05-16T04:03:36.873-04:00 | ||||||||||||
class | vulnerability | ||||||||||||
contributors |
| ||||||||||||
description | IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability. | ||||||||||||
family | windows | ||||||||||||
id | oval:org.mitre.oval:def:927 | ||||||||||||
status | accepted | ||||||||||||
submitted | 2004-05-04T12:00:00.000-04:00 | ||||||||||||
title | IIS5.0 Specialized Header Vulnerability | ||||||||||||
version | 11 |
References
- http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=ntbugtraq&F=&S=&P=5212
- http://www.securityfocus.com/bid/1578
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A927
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-058
- http://www.securityfocus.com/templates/archive.pike?list=1&msg=080D5336D882D211B56B0060080F2CD696A7C9%40beta.mia.cz