History: Mar 17, 2017 - 12:59 a.m.

CVE-2017-0055

2017-03-17 00:59:01
CWE-79
microsoft
web.nvd.nist.gov
252
Tags: microsoft, iis, server, xss, elevation of privilege, vulnerability, windows vista, windows server 2008, windows 7, windows 8.1, windows server 2012, windows rt 8.1, windows 10, windows server 2016, nvd

CVSS2: 4.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3: 6.1
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score: 5.4
Confidence: High

EPSS: 0.005
Percentile: 76.4%

Microsoft Internet Information Server (IIS) in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka “Microsoft IIS Server XSS Elevation of Privilege Vulnerability.”

Affected configurations

Node (OR):
microsoft windows_10 -
microsoft windows_10 1511
microsoft windows_10 1607
microsoft windows_7 sp1
microsoft windows_8.1
microsoft windows_rt_8.1
microsoft windows_server_2008 sp2
microsoft windows_server_2008 r2
microsoft windows_server_2012 -
microsoft windows_server_2012 r2
microsoft windows_server_2016
microsoft windows_vista sp2

| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | windows_vista | | cpe:/o:microsoft:windows_vista::sp2:: |
| microsoft | windows_server_2008 | r2 | cpe:/o:microsoft:windows_server_2008:r2::: |
| microsoft | windows_10 | 1607 | cpe:/o:microsoft:windows_10:1607::: |
| microsoft | windows_server_2012 | r2 | cpe:/o:microsoft:windows_server_2012:r2::: |
| microsoft | windows_10 | 1511 | cpe:/o:microsoft:windows_10:1511::: |
| microsoft | windows_7 | | cpe:/o:microsoft:windows_7::sp1:: |
| microsoft | windows_server_2012 | - | cpe:/o:microsoft:windows_server_2012:-::: |
| microsoft | windows_server_2008 | | cpe:/o:microsoft:windows_server_2008::sp2:: |
| microsoft | windows_8.1 | | cpe:/o:microsoft:windows_8.1:::: |
| microsoft | windows_server_2016 | | cpe:/o:microsoft:windows_server_2016:::: |

CNA Affected

[
  {
    "product": "IIS Server",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Internet Information Server (IIS) in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016"
      }
    ]
  }
]
