ID CVE-2002-0072
Summary The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer.
References
Vulnerable Configurations
  • Microsoft IIS 4.0
    cpe:2.3:a:microsoft:internet_information_server:4.0
  • Microsoft IIS 5.1
    cpe:2.3:a:microsoft:internet_information_server:5.1
  • Microsoft IIS 5.0
    cpe:2.3:a:microsoft:internet_information_services:5.0
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
NASL family Web Servers
NASL id IIS_FRONTPAGE_DOS.NASL
description There's a denial of service vulnerability on the remote host in the Front Page ISAPI filter. An attacker may use this flaw to prevent the remote service from working properly.
last seen 2019-02-21
modified 2018-11-15
plugin id 10937
published 2002-04-11
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=10937
title Microsoft IIS Multiple Remote DoS (MS02-018 / Q319733)
packetstorm via4
data source https://packetstormsecurity.com/files/download/25968/iisfux0r.txt
id PACKETSTORM:25968
last seen 2016-12-05
published 2002-04-23
reporter Filip Maertens
source https://packetstormsecurity.com/files/25968/iisfux0r.txt.html
title iisfux0r.txt
refmap via4
bid 4479
bugtraq 20020411 KPMG-2002009: Microsoft IIS W3SVC Denial of Service
cert CA-2002-09
cert-vn VU#521059
cisco 20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
ms MS02-018
osvdb 3326
xf iis-isapi-filter-error-dos(8800)
Last major update 17-10-2016 - 22:15
Published 22-04-2002 - 00:00
Last modified 30-10-2018 - 12:25
Back to Top