CVE-2002-0148 - Unspecified vulnerability in Microsoft products
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description | Microsoft IIS 4/5 HTTP Error Page Cross Site Scripting Vulnerability. CVE-2002-0148. Remote exploit for windows platform |
id | EDB-ID:21372 |
last seen | 2016-02-02 |
modified | 2002-04-10 |
published | 2002-04-10 |
reporter | Thor Larholm |
source | https://www.exploit-db.com/download/21372/ |
title | Microsoft IIS 4/5 HTTP Error Page Cross-Site Scripting Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | IIS_XSS_404.NASL |
description | This IIS Server appears to be vulnerable to one of the cross-site scripting attacks described in MS02-018. The default |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 10936 |
published | 2002-04-11 |
reporter | This script is Copyright (C) 2002-2018 Matt Moore |
source | https://www.tenable.com/plugins/nessus/10936 |
title | Microsoft IIS Multiple Vulnerabilities (MS02-018) |
Oval
class | vulnerability |
contributors | Tiffany Bergeron (The MITRE Corporation); Josh Turpin (Symantec Corporation) |
description | Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page. |
family | windows |
id | oval:org.mitre.oval:def:81 |
status | deprecated |
submitted | 2003-08-20T12:00:00.000-04:00 |
title | DEPRECATED: Windows NT IIS HTTP Error Page Cross-site Scripting |
version | 28 |

accepted | 2010-12-20T04:01:42.201-05:00 |
class | vulnerability |
contributors | Harvey Rubinovitz (The MITRE Corporation); Shane Shaffer (G2, Inc.); Josh Turpin (Symantec Corporation); Sudhir Gandhe (Telos); Shane Shaffer (G2, Inc.) |
description | Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page. |
family | windows |
id | oval:org.mitre.oval:def:92 |
status | deprecated |
submitted | 2003-10-10T12:00:00.000-04:00 |
title | DEPRECATED: Windows 2000 IIS HTTP Error Page Cross-site Scripting |
version | 32 |
References
- http://www.cert.org/advisories/CA-2002-09.html
- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
- http://www.iss.net/security_center/static/8803.php
- http://www.kb.cert.org/vuls/id/886699
- http://www.osvdb.org/3339
- http://www.securityfocus.com/bid/4486
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A81
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A92