Vulnerabilities > CVE-2002-0149 - Unspecified vulnerability in Microsoft products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
microsoft
nessus

Summary

Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.

Vulnerable Configurations

Part Description Count
Application
Microsoft
2

Nessus

  • NASL familyWeb Servers
    NASL idIIS_ASP_OVERFLOW.NASL
    descriptionThere
    last seen2020-06-01
    modified2020-06-02
    plugin id10935
    published2002-04-10
    reporterThis script is Copyright (C) 2002-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/10935
    titleMicrosoft IIS ASP ISAPI Filter Multiple Overflows
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS02-018.NASL
    descriptionThe remote version of Windows contains multiple flaws in the Internet Information Service (IIS), such as heap overflow, DoS, and XSS that could allow an attacker to execute arbitrary code on the remote host with SYSTEM privileges.
    last seen2020-06-01
    modified2020-06-02
    plugin id10943
    published2002-04-23
    reporterThis script is Copyright (C) 2002-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/10943
    titleMS02-018: Cumulative Patch for Internet Information Services (327696)

Oval

  • accepted2007-05-23T15:05:27.371-04:00
    classvulnerability
    contributors
    • nameTiffany Bergeron
      organizationThe MITRE Corporation
    • nameGlenn Strickland
      organizationSecure Elements, Inc.
    • nameJosh Turpin
      organizationSymantec Corporation
    descriptionBuffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.
    familywindows
    idoval:org.mitre.oval:def:132
    statusdeprecated
    submitted2004-01-14T12:00:00.000-04:00
    titleDEPRECATED: Windows NT IIS ASP Server-Side Include Function Buffer Overflow
    version29
  • accepted2010-12-20T04:01:42.893-05:00
    classvulnerability
    contributors
    • nameTiffany Bergeron
      organizationThe MITRE Corporation
    • nameGlenn Strickland
      organizationSecure Elements, Inc.
    • nameShane Shaffer
      organizationG2, Inc.
    • nameJosh Turpin
      organizationSymantec Corporation
    • nameSudhir Gandhe
      organizationTelos
    • nameShane Shaffer
      organizationG2, Inc.
    descriptionBuffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.
    familywindows
    idoval:org.mitre.oval:def:95
    statusdeprecated
    submitted2004-01-14T12:00:00.000-04:00
    titleDEPRECATED: Windows 2000 IIS ASP Server-Side Include Function Buffer Overflow
    version33