CVSS: 8.1EPSS: 1%CPEs: 1EXPL: 0CVE-2002-1180
https://notcve.org/view.php?id=CVE-2002-1180
12 Nov 2002 — A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability." Un error tipográfico en los permisos de acceso a fuentes de scripts en Internet Information Server (IIS) 5.0 no excluye adecuadamente ficheros .COM, lo que permite a atacantes con sólo permisos de escritura cargar ficheros .COM, también conocida... • http://www.ciac.org/ciac/bulletins/n-011.shtml •
CVSS: 7.5EPSS: 31%CPEs: 1EXPL: 0CVE-2002-1182
https://notcve.org/view.php?id=CVE-2002-1182
12 Nov 2002 — IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned. IIS 5.0 Y 5.1 permiten a atacantes remotso causar una denegación de servicio (caída) mediante peticiones WebDAV malformadas que hacen que sea asignada mucha memoria. • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0048.html •
CVSS: 9.8EPSS: 27%CPEs: 2EXPL: 0CVE-2002-0869
https://notcve.org/view.php?id=CVE-2002-0869
02 Nov 2002 — Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation." Vulnerabilidad desconocida en el proceso de anfitrión (dllhost.exe) en Microsoft Internet Information Server (IIS) 4.0 a 5.1 permite a atacantes remotos ganar privilegios ejecutando una aplicación fuera de proceso que adqui... • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0059.html •
CVSS: 6.8EPSS: 10%CPEs: 2EXPL: 0CVE-2002-1181
https://notcve.org/view.php?id=CVE-2002-1181
02 Nov 2002 — Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors. Múltiples vulnerabilidades de scripting en sitios cruzados (XSS) en las páginas web de administració de Microsoft Internet Information Server (IIS) 4.0 a 5.1 permite a atacantes remotos ejecut... • http://marc.info/?l=bugtraq&m=103651224215736&w=2 •
CVSS: 9.8EPSS: 65%CPEs: 2EXPL: 0CVE-2002-0364
https://notcve.org/view.php?id=CVE-2002-0364
03 Jul 2002 — Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise." • http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0099.html •
CVSS: 7.5EPSS: 23%CPEs: 3EXPL: 2CVE-2002-0419 – Microsoft IIS 4.0/5.0/5.1 - Authentication Method Disclosure
https://notcve.org/view.php?id=CVE-2002-0419
11 Jun 2002 — Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request. NOTE... • https://www.exploit-db.com/exploits/21313 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 40%CPEs: 1EXPL: 1CVE-2002-0422 – Microsoft IIS HTTP Internal IP Disclosure
https://notcve.org/view.php?id=CVE-2002-0422
11 Jun 2002 — IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header. Collect any leaked internal IPs by requesting commonly redirected locations from IIS. CVE-2000-0649 references IIS 5.1 (win2k, XP) and older. Ho... • https://packetstorm.news/files/id/181126 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 58%CPEs: 12EXPL: 0CVE-2002-0224
https://notcve.org/view.php?id=CVE-2002-0224
03 May 2002 — The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input. El MSDTC (Microsoft Distributed Transaction Service Coordinator) para MS Windows 2000, MS IIS 5.0 y SQL Server 6.5 a 2000 permite a atacantes remotos causar una denegación de servicio (caída o cuelgue) mediante entradas malformadas (aleatorias). • http://online.securityfocus.com/archive/1/253360 •
CVSS: 9.8EPSS: 67%CPEs: 2EXPL: 0CVE-2002-0071
https://notcve.org/view.php?id=CVE-2002-0071
22 Apr 2002 — Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names. Desbordamiento de buffer la extensión ISAPI ism.dll que implementa los scripts HTR en MS Internet Information Server (IIS) 4.0 y 5.0 permite a atacantes causar una denegación de servido o ejecutar código arbitrario mediante peticiones HTR con nombres de variables largos. • http://marc.info/?l=bugtraq&m=101854087828265&w=2 •
CVSS: 7.5EPSS: 31%CPEs: 2EXPL: 0CVE-2002-0072
https://notcve.org/view.php?id=CVE-2002-0072
22 Apr 2002 — The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer. Un filtro ISAPI en las Extensiones de Servidor de Front Page y ASP.NET para Internet Information Server (IIS) 4.0, 5.0 y 5.1 no maneja adecuadamente la condición de error cuando se provee una URL lar... • http://marc.info/?l=bugtraq&m=101853851025208&w=2 •