Search...

MS Site Server ASP Upload Remote Command Execution

1999-01-30T00:00:00

ID OSVDB:5884
Type osvdb
Reporter OSVDB
Modified 1999-01-30T00:00:00

Description

No description provided by the source

References:

Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=91763097004101&w=2 ISS X-Force ID: 5384 CVE-1999-0360 Bugtraq ID: 1811

JSON Vulners Source

Initial Source

{"type": "osvdb", "published": "1999-01-30T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:5884", "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "af2ba97c8c346ad11de021184b451695"}, {"key": "cvss", "hash": "cfd16da9581e0c21db590e40dfd9e493"}, {"key": "description", "hash": "a8ec97c62fd02a320c365de52285fc80"}, {"key": "href", "hash": "24e26400e07ac968c1f079b25b226f8a"}, {"key": "modified", "hash": "12549730b070c4cfcf1bd500f554fd1a"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "12549730b070c4cfcf1bd500f554fd1a"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "12d56a2b2a7a0daba657cd1b63b78872"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "bulletinFamily": "software", "cvss": {"vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/", "score": 7.2}, "viewCount": 0, "history": [], "edition": 1, "objectVersion": "1.2", "reporter": "OSVDB", "title": "MS Site Server ASP Upload Remote Command Execution", "affectedSoftware": [], "enchantments": {"vulnersScore": 7.5}, "references": [], "id": "OSVDB:5884", "hash": "c318572d7025164350c070926b69c9253de4639de6dac74cc6672e7060481c94", "lastseen": "2017-04-28T13:20:00", "cvelist": ["CVE-1999-0360"], "modified": "1999-01-30T00:00:00", "description": "# No description provided by the source\n\n## References:\nMail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=91763097004101&w=2\nISS X-Force ID: 5384\n[CVE-1999-0360](https://vulners.com/cve/CVE-1999-0360)\nBugtraq ID: 1811\n"}

{"result": {"cve": [{"id": "CVE-1999-0360", "type": "cve", "title": "CVE-1999-0360", "description": "MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely.", "published": "1999-01-30T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0360", "cvelist": ["CVE-1999-0360"], "lastseen": "2017-04-18T15:49:14"}], "osvdb": [{"id": "OSVDB:285", "type": "osvdb", "title": "Microsoft IIS repost.asp File Upload", "description": "## Vulnerability Description\nThis host is running Microsoft IIS web server and the file /scripts/repost.asp is installed. This APS file contains a configuration flaw that allows an attacker to upload files to the /users directory. An attacker could use this to upload arbitrary files onto this host.\n## Technical Description\nChecks for /scripts/repost.asp.\n## Solution Description\nMake sure the permissions for anonymous access to the /users directory are set to read only.\n## Short Description\nThis host is running Microsoft IIS web server and the file /scripts/repost.asp is installed. This APS file contains a configuration flaw that allows an attacker to upload files to the /users directory. An attacker could use this to upload arbitrary files onto this host.\n## References:\nSnort Signature ID: 1076\n[Nessus Plugin ID:10372](https://vulners.com/search?query=pluginID:10372)\nMail List Post: http://www.securityfocus.com/archive/82/84565\nISS X-Force ID: 5384\n[CVE-1999-0360](https://vulners.com/cve/CVE-1999-0360)\nBugtraq ID: 1811\n", "published": "2000-09-22T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:285", "cvelist": ["CVE-1999-0360"], "lastseen": "2017-04-28T13:19:55"}], "exploitdb": [{"id": "EDB-ID:20305", "type": "exploitdb", "title": "Microsoft Site Server 2.0 with IIS 4.0 - File Upload Vulnerability", "description": "Microsoft Site Server 2.0 with IIS 4.0 Malicious File Upload Vulnerability. CVE-1999-0360. Remote exploit for windows platform", "published": "1999-01-30T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/20305/", "cvelist": ["CVE-1999-0360"], "lastseen": "2016-02-02T13:56:59"}], "nessus": [{"id": "IIS_REPOST_ASP.NASL", "type": "nessus", "title": "Microsoft IIS repost.asp File Upload", "description": "The script '/scripts/repost.asp' is installed on the remote IIS web server and allows an attacker to upload arbitrary files to the '/Users' directory if it has not been configured properly.", "published": "2000-04-15T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=10372", "cvelist": ["CVE-1999-0360"], "lastseen": "2018-07-14T06:23:16"}]}}