CVE-2002-0071

4 documents4 sources
Severity
7.5HIGH
EPSS
69.5%
top 1.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Internet Information ServerMicrosoft Internet Information Services
Timeline
PublishedApr 22
Latest updateApr 30

Description

Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-6xx5-gpjw-m8wc: Buffer overflow in the ism2022-04-30
CVEList
CVE-2002-0071: Buffer overflow in the ism2003-04-02

📋Vendor Advisories

1
Cisco
Microsoft IIS Vulnerabilities in Cisco Products - MS02-0182002-04-15
CVE-2002-0071 (HIGH CVSS 7.5) | Buffer overflow in the ism.dll ISAP | cvebase.io