vendor:
YES
by:
or executed. Successful exploitation would yield the same privileges as a user who could successfully log onto the system to a remote user possessing no credentials whatsoever. It has been discovered that a Windows 98 host running Microsoft Personal Web Server is also subject to this vulnerability. (March 18
therefore
CVSS
any file on the same logical drive as any web-accessible file that is accessible to these groups can be deleted
Double Dot Directory Traversal
7.5
CWE
Product Name: YES
Affected Version From: zipo
Affected Version To:
Patch Exists: 2001
Related CWE: 2001) This is the vulnerability exploited by the Code Blue Worm. **UPDATE**: It is believed that an aggressive worm may be in the wild that actively exploits this vulnerability."
CPE: 22
Other Scripts:
Microsoft
Tags: https://www.exploit-db.com/raw/20300
Nuclei References:
Internet Information Services (IIS)
Nuclei Metadata: Windows 98, Windows NT
Platforms Tested: Microsoft IIS 4.0
modified
Double Dot Directory Traversal Vulnerability in Microsoft IIS
Microsoft IIS 4.0 and 5.0 are both vulnerable to double dot "../" directory traversal exploitation if extended UNICODE character representations are used in substitution for "/" and "". Unauthenticated users may access any known file in the context of the IUSR_machinename account. The IUSR_machinename account is a member of the Everyone and Users groups by default
Mitigation:
HIGH
