CVE
- Id
- 285
- CVE No.
- CVE-1999-0286
- Status
- Candidate
- Description
- In some NT web servers, appending a space at the end of a URL may allow attackers to read source code for active pages.
- Phase
- Proposed (19990714)
- Votes
- ACCEPT(3) Armstrong, Cole, Shostack | MODIFY(3) Blake, Levy, Wall | NOOP(5) Baker, Bishop, Landfield, Northcutt, Ozancin | REJECT(1) Frech | REVIEWING(1) Christey
- Comments
- Wall> In some NT web servers, appending a dot at the end of a URL may | allows attackers to read source code for active pages. | Source: MS Knowledge Base Article Q163485 - "Active Server Pages Script Appears | in Browser" | Frech> In the meantime, reword description as "Windows NT" (trademark issue) | Christey> Q163485 does not refer to a space, it refers to a dot. | However, I don"t have other references. | | Reading source code with a dot appended is in CVE-1999-0154, | which will be proposed. A subsequent bug similar to the | dot bug is CVE-1999-0253. | Levy> NTBUGTRAQ: http://www.securityfocus.com/archive/2/22014 | NTBUGTRAQ: http://www.securityfocus.com/archive/2/22019 | BID 273 | Blake> Reference: http://www.allaire.com/handlers/index.cfm?ID=10967 | CHANGE> [Christey changed vote from NOOP to REVIEWING] | CHANGE> [Frech changed vote from REVIEWING to REJECT] | Frech> BID articles)
