Vulnerabilities > CVE-2002-0073 - Unspecified vulnerability in Microsoft products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Nessus
NASL family | FTP |
NASL id | MSFTP_DOS.NASL |
description | It was possible to make the remote FTP server crash by sending the command |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 10934 |
published | 2002-04-10 |
reporter | This script is Copyright (C) 2002-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/10934 |
title | MS02-018: Microsoft IIS FTP Status Request DoS (uncredentialed check) |
code |
|
Oval
accepted 2007-05-23T15:05:41.192-04:00 class vulnerability contributors name Tiffany Bergeron organization The MITRE Corporation name Glenn Strickland organization Secure Elements, Inc. name Josh Turpin organization Symantec Corporation
description The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters. family windows id oval:org.mitre.oval:def:24 status deprecated submitted 2003-10-10T12:00:00.000-04:00 title DEPRECATED: Windows NT IIS FTP Connection Status Request Denial of Service version 29 accepted 2010-12-20T04:00:52.224-05:00 class vulnerability contributors name Tiffany Bergeron organization The MITRE Corporation name Glenn Strickland organization Secure Elements, Inc. name Shane Shaffer organization G2, Inc. name Josh Turpin organization Symantec Corporation name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters. family windows id oval:org.mitre.oval:def:35 status deprecated submitted 2003-10-10T12:00:00.000-04:00 title DEPRECATED: Windows 2000 IIS FTP Connection Status Request Denial of Service version 33
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0023.html
- http://marc.info/?l=bugtraq&m=101901273810598&w=2
- http://www.cert.org/advisories/CA-2002-09.html
- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
- http://www.digitaloffense.net/msftpd/advisory.txt
- http://www.iss.net/security_center/static/8801.php
- http://www.kb.cert.org/vuls/id/412203
- http://www.osvdb.org/3328
- http://www.securityfocus.com/bid/4482
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A24
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A35