CVE-2002-0150

4 documents4 sources

Severity

7.5HIGH

EPSS

69.5%

top 1.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Information Server Microsoft Internet Information Services

Timeline

PublishedApr 22

Latest updateApr 30

Description

Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/internet_information_server4.0

▶NVDmicrosoft/internet_information_services5.0

🔴Vulnerability Details

GHSA

GHSA-rp9c-fj68-5527: Buffer overflow in Internet Information Server (IIS) 4↗2022-04-30

▶

CVEList

CVE-2002-0150: Buffer overflow in Internet Information Server (IIS) 4↗2003-04-02

▶

📋Vendor Advisories

Cisco

Microsoft IIS Vulnerabilities in Cisco Products - MS02-018↗2002-04-15

▶