Buffer Overflow in HTR Scripting for Microsoft Internet Information Server
CVE-2002-0071

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Services; Internet Information Server
Vendor: CVE Published:; 22 April 2002

What is CVE-2002-0071?

The vulnerability originates from a buffer overflow in the ism.dll ISAPI extension used for HTR scripting in Microsoft Internet Information Server. Attackers can exploit this weakness by sending specially crafted HTR requests with excessively long variable names, potentially leading to a denial of service or allowing the execution of arbitrary code. This issue impacts versions 4.0 and 5.0 of IIS, emphasizing the need for security measures and timely updates.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.osvdb.org/3325

vdb-entryx_refsource_OSVDB

EPSS Score

67% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2002
Vulnerability Reserved
Feb 21, 2002