Weekly Vulnerabilities Reports > January 11 to 17, 1999
6 new vulnerabilities were reported during this period, including 1 critical vulnerability and 1 high-severity vulnerability. This weekly summary reports vulnerabilities in 5 products from 5 vendors, including Microsoft, Debian, Apache, Cisco, and Maximizer. Vulnerabilities are notably categorized as .
- 4 reported vulnerabilities are remotely exploitable.
- 6 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 2 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 1 reported vulnerability.
The following table lists the vulnerabilities reported for the period covered by this report:
1 Critical Vulnerability
| Date | CVE | Vendor | Title | Description |
|---|---|---|---|---|
| 1999-01-14 | CVE-1999-1376 | Microsoft | Unspecified vulnerability in Microsoft Internet Information Server 4.0 | Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands. |
1 High Vulnerability
| Date | CVE | Vendor | Title | Description |
|---|---|---|---|---|
| 1999-01-17 | CVE-1999-0457 | Debian | Unspecified vulnerability in Debian Linux 1.3/1.3.1/2.0 | Linux ftpwatch program allows local users to gain root privileges. |
3 Medium Vulnerabilities
| Date | CVE | Vendor | Title | Description |
|---|---|---|---|---|
| 1999-01-17 | CVE-1999-0678 | Apache | | A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server. |
| 1999-01-14 | CVE-1999-1172 | Maximizer | Unspecified vulnerability in Maximizer Enterprise 4 | By design, Maximizer Enterprise 4 calendar and address book program allows arbitrary users to modify the calendar of other users when the calendar is being shared. |
| 1999-01-11 | CVE-1999-0063 | Cisco | Unspecified vulnerability in Cisco IOS | Cisco IOS 12.0 and other versions can be crashed by malicious UDP packets to the syslog port. |
1 Low Vulnerability
| Date | CVE | Vendor | Title | Description |
|---|---|---|---|---|
| 1999-01-14 | CVE-1999-1538 | Microsoft | Remote Web-Based Administration vulnerability in Microsoft Internet Information Server 4.0 | When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password. |