CVSS: 7.5EPSS: 93%CPEs: 2EXPL: 0CVE-2002-0364
https://notcve.org/view.php?id=CVE-2002-0364
Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise." • http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0099.html http://marc.info/?l=bugtraq&m=102392069305962&w=2 http://marc.info/?l=ntbugtraq&m=102392308608100&w=2 http://online.securityfocus.com/archive/1/276767 http://www.iss.net/security_center/static/9327.php http://www.kb.cert.org/vuls/id/313819 http://www.securityfocus.com/bid/4855 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-028 https://oval.cisecurity.org/repository/search/ •
CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 2CVE-2002-0419 – Microsoft IIS 4.0/5.0/5.1 - Authentication Method Disclosure
https://notcve.org/view.php?id=CVE-2002-0419
Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request. NOTE: this entry originally contained a vector (1) in which the server reveals whether it supports Basic or NTLM authentication through 401 Access Denied error messages. CVE has REJECTED this vector; it is not a vulnerability because the information is already available through legitimate use, since authentication cannot proceed without specifying a scheme that is supported by both the client and the server. • https://www.exploit-db.com/exploits/21313 http://marc.info/?l=bugtraq&m=101535399100534&w=2 http://www.iss.net/security_center/static/8382.php http://www.securityfocus.com/bid/4235 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 21%CPEs: 2EXPL: 0CVE-2002-0147
https://notcve.org/view.php?id=CVE-2002-0147
Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun." Desbordamiento de buffer en el mecanismo de transferencia de datos de Internet Information Server (IIS) 4.0, 5.0 y 5.1 permite a atacantes remotos causar una denegación de servicio o ejecutar código, tambien conocido como "Variante del desbordamiento de buffer en codificación troceada" • http://www.cert.org/advisories/CA-2002-09.html http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml http://www.iss.net/security_center/static/8796.php http://www.kb.cert.org/vuls/id/669779 http://www.osvdb.org/3301 http://www.securityfocus.com/bid/4490 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A22 https://oval.cisecurity& •
CVSS: 7.5EPSS: 94%CPEs: 2EXPL: 0CVE-2002-0150
https://notcve.org/view.php?id=CVE-2002-0150
Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values. Desbordamiento de buffer en Internet Information Server (IIS) 4.0, 5.0 y 5.1 permite a atacantes remotos falsificar la comprobación de seguridad de cabeceras HTTP y causar una denegación de servicio o ejecutar código arbitrario mediante valores de campos de las cabeceras HTTP. • http://www.cert.org/advisories/CA-2002-09.html http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml http://www.iss.net/security_center/static/8797.php http://www.kb.cert.org/vuls/id/454091 http://www.osvdb.org/3316 http://www.securityfocus.com/bid/4476 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A137 https://oval.cisecurity •
CVSS: 5.0EPSS: 10%CPEs: 2EXPL: 0CVE-2002-0072
https://notcve.org/view.php?id=CVE-2002-0072
The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer. Un filtro ISAPI en las Extensiones de Servidor de Front Page y ASP.NET para Internet Information Server (IIS) 4.0, 5.0 y 5.1 no maneja adecuadamente la condición de error cuando se provee una URL larga, lo que permite a atacantes remotos causar una denegación de sevicio (caída). • http://marc.info/?l=bugtraq&m=101853851025208&w=2 http://www.cert.org/advisories/CA-2002-09.html http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml http://www.iss.net/security_center/static/8800.php http://www.kb.cert.org/vuls/id/521059 http://www.osvdb.org/3326 http://www.securityfocus.com/bid/4479 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018 •