Weekly Vulnerabilities Reports > January 11 to 17, 1999

Overview

6 new vulnerabilities were reported during this period, including 1 critical vulnerability and 1 high severity vulnerability. This weekly summary reports vulnerabilities in 5 products from 5 vendors including Microsoft, Debian, Apache, Cisco, and Maximizer. Vulnerabilities are notably categorized as .

  • 4 reported vulnerabilities are remotely exploitable.
  • 6 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 2 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 1 reported vulnerability.


Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:


1 Critical Vulnerability

| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 1999-01-14 | CVE-1999-1376 | Microsoft | Unspecified vulnerability in Microsoft Internet Information Server 4.0. Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands. | 10.0 |

1 High Vulnerability

| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 1999-01-17 | CVE-1999-0457 | Debian | Unspecified vulnerability in Debian Linux 1.3/1.3.1/2.0. Linux ftpwatch program allows local users to gain root privileges. | 7.2 |

3 Medium Vulnerabilities

| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 1999-01-17 | CVE-1999-0678 | Apache, Debian | A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server. | 5.0 |
| 1999-01-14 | CVE-1999-1172 | Maximizer | Unspecified vulnerability in Maximizer Enterprise 4. By design, Maximizer Enterprise 4 calendar and address book program allows arbitrary users to modify the calendar of other users when the calendar is being shared. | 5.0 |
| 1999-01-11 | CVE-1999-0063 | Cisco | Unspecified vulnerability in Cisco IOS. Cisco IOS 12.0 and other versions can be crashed by malicious UDP packets to the syslog port. | 5.0 |

1 Low Vulnerability

| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 1999-01-14 | CVE-1999-1538 | Microsoft | Remote Web-Based Administration vulnerability in Microsoft Internet Information Server 4.0. When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password. | 2.1 |