ID CVE-2002-0071
Summary Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.
References
Vulnerable Configurations
  • Microsoft IIS 4.0
    cpe:2.3:a:microsoft:internet_information_server:4.0
  • Microsoft IIS 5.0
    cpe:2.3:a:microsoft:internet_information_services:5.0
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Web Servers
    NASL id IIS_HTR_ISAPI.NASL
    description The IIS server appears to have the .HTR ISAPI filter mapped. At least one remote vulnerability has been discovered for the .HTR filter. This is detailed in Microsoft Advisory MS02-018, and gives remote SYSTEM level access to the web server. It is recommended that, even if you have patched this vulnerability, you unmap the .HTR extension and any other unused ISAPI extensions if they are not required for the operation of your site.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 10932
    published 2002-04-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=10932
    title Microsoft IIS .HTR ISAPI Filter Enabled
  • NASL family Web Servers
    NASL id IIS_HTR_OVERFLOW.NASL
    description The remote server is vulnerable to a buffer overflow in the .HTR filter. An attacker may use this flaw to execute arbitrary code on this host (although the exploitation of this flaw is considered difficult).
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 11028
    published 2002-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=11028
    title Microsoft IIS .HTR Filter Multiple Overflows (MS02-028)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS02-018.NASL
    description The remote version of Windows contains multiple flaws in the Internet Information Service (IIS), such as heap overflow, DoS, and XSS that could allow an attacker to execute arbitrary code on the remote host with SYSTEM privileges.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 10943
    published 2002-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=10943
    title MS02-018: Cumulative Patch for Internet Information Services (327696)
oval via4
  • accepted 2010-12-20T04:00:31.897-05:00
    class vulnerability
    contributors
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Glenn Strickland
      organization Secure Elements, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Josh Turpin
      organization Symantec Corporation
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.
    family windows
    id oval:org.mitre.oval:def:130
    status deprecated
    submitted 2004-01-14T12:00:00.000-04:00
    title DEPRECATED: Windows 2000 HTR ISAPI Buffer Overflow
    version 32
  • accepted 2007-05-23T15:05:46.010-04:00
    class vulnerability
    contributors
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Glenn Strickland
      organization Secure Elements, Inc.
    • name Josh Turpin
      organization Symantec Corporation
    description Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.
    family windows
    id oval:org.mitre.oval:def:45
    status deprecated
    submitted 2004-01-14T12:00:00.000-04:00
    title DEPRECATED: Windows NT HTR ISAPI Buffer Overflow
    version 28
refmap via4
atstake A041002-1
bid 4474
bugtraq 20020411 KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun
cert CA-2002-09
cert-vn VU#363715
cisco 20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
ms MS02-018
osvdb 3325
vulnwatch 20020411 [VulnWatch] KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun
xf iis-htr-isapi-bo(8799)
Last major update 17-10-2016 - 22:15
Published 22-04-2002 - 00:00
Last modified 30-10-2018 - 12:25
Back to Top