OpenCVE

ICQ99 ICQ web server build 1701 with "Active Homepage" enabled generates allows remote attackers to determine the existence of files on the server by comparing server responses when a file exists ("404 Forbidden") versus when a file does not exist ("404 not found").

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mirabilis	Icq Web Front

Configuration 1 [-]

cpe:2.3:a:mirabilis:icq_web_front:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/archive/1/13508
http://www.securityfocus.com/bid/246

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2001-09-12T04:00:00

Updated: 2024-08-01T17:11:03.234Z

Reserved: 2001-08-31T00:00:00

Link: CVE-1999-1418

Vulnrichment

No data.

NVD

Status : Modified

Published: 1999-05-01T04:00:00.000

Modified: 2024-11-20T23:31:04.100

Link: CVE-1999-1418

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "1999-05-01T00:00:00", "descriptions": [{"lang": "en", "value": "ICQ99 ICQ web server build 1701 with \"Active Homepage\" enabled generates allows remote attackers to determine the existence of files on the server by comparing server responses when a file exists (\"404 Forbidden\") versus when a file does not exist (\"404 not found\")."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2002-03-22T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "19990501 Update: security hole in the ICQ-Webserver", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/13508"}, {"name": "246", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/246"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-1418", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ICQ99 ICQ web server build 1701 with \"Active Homepage\" enabled generates allows remote attackers to determine the existence of files on the server by comparing server responses when a file exists (\"404 Forbidden\") versus when a file does not exist (\"404 not found\")."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "19990501 Update: security hole in the ICQ-Webserver", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/13508"}, {"name": "246", "refsource": "BID", "url": "http://www.securityfocus.com/bid/246"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T17:11:03.234Z"}, "title": "CVE Program Container", "references": [{"name": "19990501 Update: security hole in the ICQ-Webserver", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/13508"}, {"name": "246", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/246"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-1418", "datePublished": "2001-09-12T04:00:00", "dateReserved": "2001-08-31T00:00:00", "dateUpdated": "2024-08-01T17:11:03.234Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}