CVE-2002-0364

4 documents4 sources
Severity
7.5HIGH
EPSS
62.4%
top 1.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Internet Information ServerMicrosoft Internet Information Services
Timeline
PublishedJul 3
Latest updateApr 30

Description

Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-pv84-p89f-6ph5: Buffer overflow in the chunked encoding transfer mechanism in IIS 42022-04-30
CVEList
CVE-2002-0364: Buffer overflow in the chunked encoding transfer mechanism in IIS 42003-04-02

📋Vendor Advisories

1
Cisco
Microsoft IIS Vulnerabilities in Cisco Products - MS02-0182002-04-15
CVE-2002-0364 (HIGH CVSS 7.5) | Buffer overflow in the chunked enco | cvebase.io