Vulnerabilities > CVE-2002-0149 - Unspecified vulnerability in Microsoft products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN microsoft
nessus
Summary
Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Nessus
NASL family Web Servers NASL id IIS_ASP_OVERFLOW.NASL description There last seen 2020-06-01 modified 2020-06-02 plugin id 10935 published 2002-04-10 reporter This script is Copyright (C) 2002-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/10935 title Microsoft IIS ASP ISAPI Filter Multiple Overflows NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS02-018.NASL description The remote version of Windows contains multiple flaws in the Internet Information Service (IIS), such as heap overflow, DoS, and XSS that could allow an attacker to execute arbitrary code on the remote host with SYSTEM privileges. last seen 2020-06-01 modified 2020-06-02 plugin id 10943 published 2002-04-23 reporter This script is Copyright (C) 2002-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/10943 title MS02-018: Cumulative Patch for Internet Information Services (327696)
Oval
accepted 2007-05-23T15:05:27.371-04:00 class vulnerability contributors name Tiffany Bergeron organization The MITRE Corporation name Glenn Strickland organization Secure Elements, Inc. name Josh Turpin organization Symantec Corporation
description Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names. family windows id oval:org.mitre.oval:def:132 status deprecated submitted 2004-01-14T12:00:00.000-04:00 title DEPRECATED: Windows NT IIS ASP Server-Side Include Function Buffer Overflow version 29 accepted 2010-12-20T04:01:42.893-05:00 class vulnerability contributors name Tiffany Bergeron organization The MITRE Corporation name Glenn Strickland organization Secure Elements, Inc. name Shane Shaffer organization G2, Inc. name Josh Turpin organization Symantec Corporation name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names. family windows id oval:org.mitre.oval:def:95 status deprecated submitted 2004-01-14T12:00:00.000-04:00 title DEPRECATED: Windows 2000 IIS ASP Server-Side Include Function Buffer Overflow version 33
References
- http://www.cert.org/advisories/CA-2002-09.html
- http://www.cert.org/advisories/CA-2002-09.html
- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
- http://www.iss.net/security_center/static/8798.php
- http://www.iss.net/security_center/static/8798.php
- http://www.kb.cert.org/vuls/id/721963
- http://www.kb.cert.org/vuls/id/721963
- http://www.osvdb.org/3320
- http://www.osvdb.org/3320
- http://www.securityfocus.com/bid/4478
- http://www.securityfocus.com/bid/4478
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A132
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A132
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A95
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A95