Vulnerabilities > CVE-2002-1180 - Unspecified vulnerability in Microsoft Internet Information Services 5.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS02-018.NASL |
description | The remote version of Windows contains multiple flaws in the Internet Information Service (IIS), such as heap overflow, DoS, and XSS that could allow an attacker to execute arbitrary code on the remote host with SYSTEM privileges. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 10943 |
published | 2002-04-23 |
reporter | This script is Copyright (C) 2002-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/10943 |
title | MS02-018: Cumulative Patch for Internet Information Services (327696) |
Oval
accepted | 2005-02-16T12:00:00.000-04:00 | ||||||||
class | vulnerability | ||||||||
contributors |
| ||||||||
description | A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability." | ||||||||
family | windows | ||||||||
id | oval:org.mitre.oval:def:931 | ||||||||
status | accepted | ||||||||
submitted | 2004-05-12T12:00:00.000-04:00 | ||||||||
title | IIS5.0 Script Source Access Vulnerability | ||||||||
version | 65 |
References
- http://www.ciac.org/ciac/bulletins/n-011.shtml
- http://www.iss.net/security_center/static/10504.php
- http://www.securityfocus.com/bid/6068
- http://www.securityfocus.com/bid/6071
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A931