CVE-2002-0072

4 documents4 sources

Severity

5.0MEDIUM

EPSS

33.4%

top 3.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Information Server Microsoft Internet Information Services

Timeline

PublishedApr 22

Latest updateApr 30

Description

The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmicrosoft/internet_information_server4.0

▶NVDmicrosoft/internet_information_services5.0

🔴Vulnerability Details

GHSA

GHSA-84f6-4j88-6cvc: The w3svc↗2022-04-30

▶

CVEList

CVE-2002-0072: The w3svc↗2003-04-02

▶

📋Vendor Advisories

Cisco

Microsoft IIS Vulnerabilities in Cisco Products - MS02-018↗2002-04-15

▶