Denial of Service Vulnerability in Microsoft Front Page Server Extensions and ASP.NET
CVE-2002-0072

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Services; Internet Information Server
Vendor: CVE Published:; 22 April 2002

What is CVE-2002-0072?

An issue exists in the w3svc.dll ISAPI filter within Front Page Server Extensions and ASP.NET for Internet Information Server. This vulnerability arises from improper handling of error conditions when processing excessively long URLs, which can lead to a null pointer dereference. Consequently, this can be exploited by remote attackers to crash the server, resulting in a denial of service. It is critical for administrators to patch their Internet Information Server installations to mitigate the risk posed by this vulnerability.

References

http://www.securityfocus.com/bid/4479

vdb-entryx_refsource_BID

http://www.kb.cert.org/vuls/id/521059

third-party-advisoryx_refsource_CERT-VN

http://www.iss.net/security_center/static/8800.php

vdb-entryx_refsource_XF

EPSS Score

30% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 22, 2002
Vulnerability Reserved
Feb 21, 2002