Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-1375 — Microsoft Internet Information Server vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

74.0%

top 1.17%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Information Server

Timeline

PublishedFeb 11

Latest updateApr 30

Description

FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/internet_information_server3.0, 4.0+1

🔴Vulnerability Details

GHSA

GHSA-5j2c-m66w-j2qp: FileSystemObject (FSO) in the showfile↗2022-04-30

▶

CVEList

CVE-1999-1375: FileSystemObject (FSO) in the showfile↗2001-09-12

▶

💥Exploits & PoCs

Exploit-DB

Microsoft IIS 3.0/4.0 - Using ASP and FSO To Read Server Files↗1999-02-11

▶