Vulnerabilities > CVE-2002-0072 - Unspecified vulnerability in Microsoft products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Nessus
NASL family | Web Servers |
NASL id | IIS_FRONTPAGE_DOS.NASL |
description | There |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 10937 |
published | 2002-04-11 |
reporter | This script is Copyright (C) 2002-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/10937 |
title | Microsoft IIS Multiple Remote DoS (MS02-018 / Q319733) |
code |
|
Packetstorm
data source | https://packetstormsecurity.com/files/download/25968/iisfux0r.txt |
id | PACKETSTORM:25968 |
last seen | 2016-12-05 |
published | 2002-04-23 |
reporter | Filip Maertens |
source | https://packetstormsecurity.com/files/25968/iisfux0r.txt.html |
title | iisfux0r.txt |
References
- http://marc.info/?l=bugtraq&m=101853851025208&w=2
- http://www.cert.org/advisories/CA-2002-09.html
- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
- http://www.iss.net/security_center/static/8800.php
- http://www.kb.cert.org/vuls/id/521059
- http://www.osvdb.org/3326
- http://www.securityfocus.com/bid/4479
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018