CVE-2002-1180
- EPSS 8.63%
- Veröffentlicht 12.11.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:58:53
A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access...
CVE-2002-0869
- EPSS 23.64%
- Veröffentlicht 12.11.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:58:17
Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka...
CVE-2002-0422
- EPSS 44.34%
- Veröffentlicht 12.08.2002 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:57:24
IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in...
- EPSS 36.24%
- Veröffentlicht 12.08.2002 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:57:24
Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provid...
CVE-2002-0364
- EPSS 31.01%
- Veröffentlicht 03.07.2002 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:57:17
Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."
- EPSS 22.12%
- Veröffentlicht 16.05.2002 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:57:01
The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
CVE-2002-0150
- EPSS 49.48%
- Veröffentlicht 22.04.2002 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:56:53
Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.
CVE-2002-0149
- EPSS 62.7%
- Veröffentlicht 22.04.2002 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:56:53
Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.
CVE-2002-0148
- EPSS 64.49%
- Veröffentlicht 22.04.2002 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:56:53
Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.
CVE-2002-0147
- EPSS 61.76%
- Veröffentlicht 22.04.2002 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:56:53
Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun."