ID CVE-2002-0150
Summary Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 23-11-2020 - 19:49)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2007-05-23T15:05:27.660-04:00
    class vulnerability
    contributors
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Glenn Strickland
      organization Secure Elements, Inc.
    • name Josh Turpin
      organization Symantec Corporation
    description Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.
    family windows
    id oval:org.mitre.oval:def:137
    status deprecated
    submitted 2004-01-14T12:00:00.000-04:00
    title DEPRECATED: Windows NT IIS HTTP Header Field Buffer Overflow
    version 29
  • accepted 2010-12-20T04:00:56.252-05:00
    class vulnerability
    contributors
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Glenn Strickland
      organization Secure Elements, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Josh Turpin
      organization Symantec Corporation
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.
    family windows
    id oval:org.mitre.oval:def:39
    status deprecated
    submitted 2004-01-14T12:00:00.000-04:00
    title DEPRECATED: Windows 2000 IIS HTTP Header Field Buffer Overflow
    version 33
refmap via4
bid 4476
cert CA-2002-09
cert-vn VU#454091
cisco 20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
osvdb 3316
xf iis-asp-http-header-bo(8797)
Last major update 23-11-2020 - 19:49
Published 22-04-2002 - 04:00
Last modified 23-11-2020 - 19:49