cbcvebase.
CVE-1999-0737
published 1999-05-07

CVE-1999-0737: The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.

PriorityP427medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
28.08%
97.9th percentile
The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.

Affected

1 ranges
VendorProductVersion rangeFixed in
microsoftinternet_information_server

Detection & IOCsextracted from sources · hover to see the quote

filenameviewcode.asp
path/viewcode
snort
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"GPL WEB_SERVER viewcode access"; flow:established,to_server; http.uri; content:"/viewcode"; reference:cve,1999-0737; reference:nessus,10576; reference:nessus,12048; classtype:web-application-attack; sid:2101403; rev:13; metadata:created_at 2010_09_23, cve CVE_1999_0737, signature_severity Unknown, updated_at 2024_03_08;)
  • Detect inbound HTTP requests to IIS/Site Server containing '/viewcode' in the URI, indicating attempted access to the vulnerable viewcode.asp sample file.
  • The attack targets the viewcode.asp sample file shipped with IIS and Site Server; presence of this file on a server indicates exposure.
  • ·The Snort/Suricata rule uses 'http.uri' sticky buffer with content match on '/viewcode'; ensure the HTTP inspection engine is enabled and normalizing URIs to avoid evasion via encoding.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.