Vulnerabilities > CVE-2002-0075 - Unspecified vulnerability in Microsoft products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Oval
accepted 2010-12-20T04:00:40.972-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Shane Shaffer organization G2, Inc. name Josh Turpin organization Symantec Corporation name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message. family windows id oval:org.mitre.oval:def:210 status deprecated submitted 2003-10-10T12:00:00.000-04:00 title DEPRECATED: Windows 2000 IIS HTTP Redirect Error Message Cross-site Scripting version 32 class vulnerability contributors name Tiffany Bergeron organization The MITRE Corporation name Josh Turpin organization Symantec Corporation
description Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message. family windows id oval:org.mitre.oval:def:58 status deprecated submitted 2003-08-20T12:00:00.000-04:00 title DEPRECATED: Windows NT IIS HTTP Redirect Error Message Cross-site Scripting version 28
References
- http://marc.info/?l=bugtraq&m=101854677802990&w=2
- http://www.cert.org/advisories/CA-2002-09.html
- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
- http://www.iss.net/security_center/static/8804.php
- http://www.kb.cert.org/vuls/id/520707
- http://www.osvdb.org/3341
- http://www.securityfocus.com/bid/4487
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A210
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A58