CVE-2002-0072

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Services; Internet Information Server
Vendor: CVE Published:; 22 April 2002

Summary

The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer.

References

http://www.securityfocus.com/bid/4479

vdb-entryx_refsource_BID

http://www.kb.cert.org/vuls/id/521059

third-party-advisoryx_refsource_CERT-VN

http://www.iss.net/security_center/static/8800.php

vdb-entryx_refsource_XF

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 22, 2002
Vulnerability Reserved
Feb 21, 2002