ID CVE-2002-0148
Summary Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_information_server:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_information_server:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • class vulnerability
    contributors
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Josh Turpin
      organization Symantec Corporation
    description Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.
    family windows
    id oval:org.mitre.oval:def:81
    status deprecated
    submitted 2003-08-20T12:00:00.000-04:00
    title DEPRECATED: Windows NT IIS HTTP Error Page Cross-site Scripting
    version 27
  • accepted 2010-12-20T04:01:42.201-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Josh Turpin
      organization Symantec Corporation
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.
    family windows
    id oval:org.mitre.oval:def:92
    status deprecated
    submitted 2003-10-10T12:00:00.000-04:00
    title DEPRECATED: Windows 2000 IIS HTTP Error Page Cross-site Scripting
    version 31
refmap via4
bid 4486
bugtraq 20020410 IIS allows universal CrossSiteScripting
cert CA-2002-09
cert-vn VU#886699
cisco 20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
ms MS02-018
osvdb 3339
xf iis-http-error-page-css(8803)
Last major update 30-10-2018 - 16:25
Published 22-04-2002 - 04:00
Back to Top