CVE

Id
449  
CVE No.
CVE-1999-0450  
Status
Candidate  
Description
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).  
Phase
Modified (20090622)  
Votes
ACCEPT(2) Ozancin, Wall | NOOP(2) Baker, Christey | REJECT(2) Frech, LeBlanc  
Comments
Frech> Can"t find in database. | Christey> This looks like another discovery of CVE-2000-0071 | LeBlanc> - I just tried to repro this based on the BUGTRAQ vuln information, | and it does not repro - | GET /bogus.pl HTTP/1.0 | HTTP/1.1 404 Object Not Found | Server: Microsoft-IIS/5.0 | Date: Thu, 05 Oct 2000 21:04:20 GMT | Content-Length: 3243 | Content-Type: text/html | No path is returned whatsoever. This may have been a problem on some version | of IIS in the past, but the BUGTRAQ ID says all versions are vulnerable. | Let"s try and figure out what version had the problem, whether it is | intrinsic to IIS or the result of adding a 3rd party implementation of perl, | and when it got fixed, then we can try again. | CHANGE> [Frech changed vote from REVIEWING to REJECT] | Christey> Add "no-such-file.pl" as an example to the desc, to facilitate | search (it"s used by CGI scanners and in the original example)  

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
990 449 CVE-1999-0450 BUGTRAQ:19990122 Perl.exe and IIS security advisory  View
991 449 CVE-1999-0450 BID:194  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
64224 JVNDB-2000-000004 Microsoft IIS の ISAPI 拡張による Web ルートディレクトリのパス情報が漏洩する脆弱性 Microsoft IIS には、ISAPI 拡張によって拡張子にマッピングされている idq や .pl といった拡張子を持つ、実際には存在しないファイルへの GET リクエストを受信した際、 エラーメッセージと共に Web ルートディレクトリの絶対パスを表示してしまう脆弱性が存在します。 CVE-1999-0450 449 7.5 http://jvndb.jvn.jp/ja/contents/2000/JVNDB-2000-000004.html  View