Buffer Overflow Vulnerability in Microsoft IIS Versions 4.0, 5.0, and 5.1
CVE-2002-0149

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Services; Internet Information Server
Vendor: CVE Published:; 22 April 2002

Summary

A buffer overflow in the ASP Server-Side Include Function of Microsoft IIS versions 4.0, 5.0, and 5.1 enables remote attackers to initiate a denial of service attack and potentially execute arbitrary code by leveraging long file names. This vulnerability poses a significant risk to the security of web applications hosted on affected versions, as it can be exploited remotely without the need for authentication or user interaction.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.osvdb.org/3320

vdb-entryx_refsource_OSVDB

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

49% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 22, 2002
Vulnerability Reserved
Mar 19, 2002