CVSS: 7.5EPSS: 21%CPEs: 2EXPL: 0CVE-2002-0147
https://notcve.org/view.php?id=CVE-2002-0147
Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun." Desbordamiento de buffer en el mecanismo de transferencia de datos de Internet Information Server (IIS) 4.0, 5.0 y 5.1 permite a atacantes remotos causar una denegación de servicio o ejecutar código, tambien conocido como "Variante del desbordamiento de buffer en codificación troceada" • http://www.cert.org/advisories/CA-2002-09.html http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml http://www.iss.net/security_center/static/8796.php http://www.kb.cert.org/vuls/id/669779 http://www.osvdb.org/3301 http://www.securityfocus.com/bid/4490 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A22 https://oval.cisecurity& •
CVSS: 5.0EPSS: 10%CPEs: 2EXPL: 0CVE-2002-0072
https://notcve.org/view.php?id=CVE-2002-0072
The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer. Un filtro ISAPI en las Extensiones de Servidor de Front Page y ASP.NET para Internet Information Server (IIS) 4.0, 5.0 y 5.1 no maneja adecuadamente la condición de error cuando se provee una URL larga, lo que permite a atacantes remotos causar una denegación de sevicio (caída). • http://marc.info/?l=bugtraq&m=101853851025208&w=2 http://www.cert.org/advisories/CA-2002-09.html http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml http://www.iss.net/security_center/static/8800.php http://www.kb.cert.org/vuls/id/521059 http://www.osvdb.org/3326 http://www.securityfocus.com/bid/4479 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018 •
CVSS: 5.0EPSS: 96%CPEs: 2EXPL: 0CVE-2002-0073
https://notcve.org/view.php?id=CVE-2002-0073
The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters. El servicio FTP en Intenet Information Server (IIS) 4.0, 5.0 y 5.1 permite a atacantes que han establecido una sesión FTP causar una denegación de servicio mediante una petición de estado especialmente formada. • http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0023.html http://marc.info/?l=bugtraq&m=101901273810598&w=2 http://www.cert.org/advisories/CA-2002-09.html http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml http://www.digitaloffense.net/msftpd/advisory.txt http://www.iss.net/security_center/static/8801.php http://www.kb.cert.org/vuls/id/412203 http://www.osvdb.org/3328 http://www.securityfocus.com/bid/4482 https://docs. •
CVSS: 7.5EPSS: 21%CPEs: 2EXPL: 0CVE-2002-0149
https://notcve.org/view.php?id=CVE-2002-0149
Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names. Desbordamiento de buffer en las funciones de inclusión de ficheros en el servidor (server-side include) de ASP en IIS 4.0, 5.0 y 5.1 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante nombres de fichero largos. • http://www.cert.org/advisories/CA-2002-09.html http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml http://www.iss.net/security_center/static/8798.php http://www.kb.cert.org/vuls/id/721963 http://www.osvdb.org/3320 http://www.securityfocus.com/bid/4478 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A132 https://oval.cisecurity •
CVSS: 7.5EPSS: 8%CPEs: 2EXPL: 0CVE-2002-0074
https://notcve.org/view.php?id=CVE-2002-0074
Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session. Vulnerabilidad de secuencias de comandos en sitios cruzados (Cross-site scripting) en el fichero de Ayuda del Internet Information Server (IIS) 4.0, 5.0 y 5.1 permite a atacantes remotos insertar código en otra sesión de usuario. • http://seclists.org/bugtraq/2002/Apr/0126.html http://www.cert.org/advisories/CA-2002-09.html http://www.cgisecurity.com/advisory/9.txt http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml http://www.iss.net/security_center/static/8802.php http://www.kb.cert.org/vuls/id/883091 http://www.osvdb.org/3338 http://www.securityfocus.com/bid/4483 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018 https://o •