CVE-2002-1182
https://notcve.org/view.php?id=CVE-2002-1182
IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned. IIS 5.0 Y 5.1 permiten a atacantes remotso causar una denegación de servicio (caída) mediante peticiones WebDAV malformadas que hacen que sea asignada mucha memoria. • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0048.html http://www.ciac.org/ciac/bulletins/n-011.shtml http://www.nextgenss.com/advisories/ms-iisdos.txt http://www.nextgenss.com/vna/ms-iisdos.txt http://www.securityfocus.com/bid/4846 http://www.securityfocus.com/bid/6068 http://www.securityfocus.com/bid/6070 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062 https://exchange.xforce.ibmcloud.com/vulnerabilities/10184 https://exchange.x •
CVE-2002-0869
https://notcve.org/view.php?id=CVE-2002-0869
Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation." Vulnerabilidad desconocida en el proceso de anfitrión (dllhost.exe) en Microsoft Internet Information Server (IIS) 4.0 a 5.1 permite a atacantes remotos ganar privilegios ejecutando una aplicación fuera de proceso que adquiere privilegios de LocalSystem, también conocida como "Elevación de Privilegios Fuera de Proceso". • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0059.html http://marc.info/?l=bugtraq&m=103642839205574&w=2 http://www.ciac.org/ciac/bulletins/n-011.shtml http://www.iss.net/security_center/static/10502.php http://www.li0n.pe.kr/eng/advisory/ms/iis_impersonation.txt https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A929 https://oval.cisecurity.org/reposi •
CVE-2002-1181
https://notcve.org/view.php?id=CVE-2002-1181
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors. Múltiples vulnerabilidades de scripting en sitios cruzados (XSS) en las páginas web de administració de Microsoft Internet Information Server (IIS) 4.0 a 5.1 permite a atacantes remotos ejecutar código HTML como otros usuarios. • http://marc.info/?l=bugtraq&m=103651224215736&w=2 http://www.ciac.org/ciac/bulletins/n-011.shtml http://www.iss.net/security_center/static/10501.php http://www.lac.co.jp/security/intelligence/SNSAdvisory/58.html http://www.securityfocus.com/bid/6068 http://www.securityfocus.com/bid/6072 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A942 https://oval.cise •
CVE-2002-0364
https://notcve.org/view.php?id=CVE-2002-0364
Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise." • http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0099.html http://marc.info/?l=bugtraq&m=102392069305962&w=2 http://marc.info/?l=ntbugtraq&m=102392308608100&w=2 http://online.securityfocus.com/archive/1/276767 http://www.iss.net/security_center/static/9327.php http://www.kb.cert.org/vuls/id/313819 http://www.securityfocus.com/bid/4855 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-028 https://oval.cisecurity.org/repository/search/ •
CVE-2002-0422 – Microsoft IIS HTTP Internal IP Disclosure
https://notcve.org/view.php?id=CVE-2002-0422
IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header. Collect any leaked internal IPs by requesting commonly redirected locations from IIS. CVE-2000-0649 references IIS 5.1 (win2k, XP) and older. However, in newer servers such as IIS 7+, this occurs when the alternateHostName is not set or misconfigured. Also collects internal IPs leaked from the PROPFIND method in certain IIS versions. • http://marc.info/?l=bugtraq&m=101536634207324&w=2 http://marc.info/?l=ntbugtraq&m=101535147125320&w=2 http://www.iss.net/security_center/static/8385.php http://www.osvdb.org/13431 https://support.microsoft.com/en-us/help/218180/internet-information-server-returns-ip-address-in-http-header-content https://support.microsoft.com/en-us/topic/fix-the-internal-ip-address-of-an-iis-7-0-server-is-revealed-if-an-http-request-that-does-not-have-a-host-header-or-has-a-null-host-hea • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •