CVSS: 5.0EPSS: 1%CPEs: 5EXPL: 2CVE-2002-1790 – Microsoft IIS 4.0/5.0 - SMTP Service Encapsulated SMTP Address (MS99-027)
https://notcve.org/view.php?id=CVE-2002-1790
The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682. • https://www.exploit-db.com/exploits/21613 http://online.securityfocus.com/archive/1/281914 http://www.iss.net/security_center/static/9580.php http://www.securityfocus.com/bid/5213 •
CVSS: 6.8EPSS: 2%CPEs: 2EXPL: 0CVE-2002-1181
https://notcve.org/view.php?id=CVE-2002-1181
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors. Múltiples vulnerabilidades de scripting en sitios cruzados (XSS) en las páginas web de administració de Microsoft Internet Information Server (IIS) 4.0 a 5.1 permite a atacantes remotos ejecutar código HTML como otros usuarios. • http://marc.info/?l=bugtraq&m=103651224215736&w=2 http://www.ciac.org/ciac/bulletins/n-011.shtml http://www.iss.net/security_center/static/10501.php http://www.lac.co.jp/security/intelligence/SNSAdvisory/58.html http://www.securityfocus.com/bid/6068 http://www.securityfocus.com/bid/6072 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A942 https://oval.cise •
CVSS: 7.5EPSS: 6%CPEs: 2EXPL: 0CVE-2002-0869
https://notcve.org/view.php?id=CVE-2002-0869
Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation." Vulnerabilidad desconocida en el proceso de anfitrión (dllhost.exe) en Microsoft Internet Information Server (IIS) 4.0 a 5.1 permite a atacantes remotos ganar privilegios ejecutando una aplicación fuera de proceso que adquiere privilegios de LocalSystem, también conocida como "Elevación de Privilegios Fuera de Proceso". • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0059.html http://marc.info/?l=bugtraq&m=103642839205574&w=2 http://www.ciac.org/ciac/bulletins/n-011.shtml http://www.iss.net/security_center/static/10502.php http://www.li0n.pe.kr/eng/advisory/ms/iis_impersonation.txt https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A929 https://oval.cisecurity.org/reposi •
CVSS: 7.5EPSS: 93%CPEs: 2EXPL: 0CVE-2002-0364
https://notcve.org/view.php?id=CVE-2002-0364
Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise." • http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0099.html http://marc.info/?l=bugtraq&m=102392069305962&w=2 http://marc.info/?l=ntbugtraq&m=102392308608100&w=2 http://online.securityfocus.com/archive/1/276767 http://www.iss.net/security_center/static/9327.php http://www.kb.cert.org/vuls/id/313819 http://www.securityfocus.com/bid/4855 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-028 https://oval.cisecurity.org/repository/search/ •
CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 2CVE-2002-0419 – Microsoft IIS 4.0/5.0/5.1 - Authentication Method Disclosure
https://notcve.org/view.php?id=CVE-2002-0419
Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request. NOTE: this entry originally contained a vector (1) in which the server reveals whether it supports Basic or NTLM authentication through 401 Access Denied error messages. CVE has REJECTED this vector; it is not a vulnerability because the information is already available through legitimate use, since authentication cannot proceed without specifying a scheme that is supported by both the client and the server. • https://www.exploit-db.com/exploits/21313 http://marc.info/?l=bugtraq&m=101535399100534&w=2 http://www.iss.net/security_center/static/8382.php http://www.securityfocus.com/bid/4235 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •