Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-0450

4 documents4 sources

Severity

7.5HIGH

EPSS

25.3%

top 3.80%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Information Server Microsoft Internet Information Services

Timeline

PublishedJan 26

Latest updateApr 30

Description

In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/internet_information_server3.0, 4.0+1

▶NVDmicrosoft/internet_information_services2.0, 5.0+1

🔴Vulnerability Details

GHSA

GHSA-9hg3-q33f-m995: In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl↗2022-04-30

▶

CVEList

CVE-1999-0450: In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl↗2000-02-04

▶

💥Exploits & PoCs

Exploit-DB

Microsoft IIS 5.0 - IISAPI Extension Enumerate Root Web Server Directory↗1999-01-26

▶