Vulnerability in N/a
CVE-2002-0071
Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.
EPSS: 0.695 (98.7th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- oval:org.mitre.oval:def:45 (signature, x_refsource_OVAL, vdb-entry)
- oval:org.mitre.oval:def:130 (signature, x_refsource_OVAL, vdb-entry)
- 3325 (x_refsource_OSVDB, vdb-entry)
- A041002-1 (x_refsource_ATSTAKE, vendor-advisory)
- 20020411 KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun (mailing-list, x_refsource_BUGTRAQ)
- 4474 (vdb-entry, x_refsource_BID)
- VU#363715 (x_refsource_CERT-VN, third-party-advisory)
- MS02-018 (x_refsource_MS, vendor-advisory)
- iis-htr-isapi-bo(8799) (vdb-entry, x_refsource_XF)
- CA-2002-09 (x_refsource_CERT, third-party-advisory)