First published: Thu Aug 19 1999(Updated: )
When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page".
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Internet Information Services | =3.0 | |
Microsoft Internet Information Services | =3.0 | |
Microsoft Internet Information Services | =3.0 | |
Microsoft Internet Information Services | =4.0 | |
Microsoft Internet Information Services | =4.0 | |
Microsoft Internet Information Services | =4.0 | |
=3.0 | ||
=3.0 | ||
=3.0 | ||
=4.0 | ||
=4.0 | ||
=4.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-1999-0725 allows remote attackers to view the source code of certain files in IIS when using a default language of Chinese, Korean, or Japanese.
IIS versions 3.0 and 4.0 are affected by CVE-1999-0725 when set to a default language of Chinese, Korean, or Japanese.
The impact of CVE-1999-0725 is the exposure of source code, which can lead to further exploitation of the web application.
Mitigating CVE-1999-0725 can be achieved by changing the default language settings away from Chinese, Korean, or Japanese in IIS.
Yes, Microsoft provides patches and updates to address vulnerabilities like CVE-1999-0725 in supported versions of Internet Information Server.