ID |
CVE-2002-1745
|
Summary |
Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 5.0 (as of 15-02-2024 - 21:28) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-193 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
NONE |
NONE |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
refmap
via4
|
bid | 4543 | bugtraq | 20020418 Re: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure | xf | iis-codebrws-view-source(8853) |
|
Last major update |
15-02-2024 - 21:28 |
Published |
31-12-2002 - 05:00 |
Last modified |
15-02-2024 - 21:28 |