CVE-2002-1180

3 documents3 sources

Severity

7.5HIGH

EPSS

2.1%

top 15.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Information Services

Timeline

PublishedNov 12

Latest updateApr 30

Description

A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/internet_information_services5.0

Patches

Patch: www.iss.net ↗Patch: www.iss.net ↗

🔴Vulnerability Details

GHSA

GHSA-89mg-cv67-4w52: A typographical error in the script source access permissions for Internet Information Server (IIS) 5↗2022-04-30

▶

CVEList

CVE-2002-1180: A typographical error in the script source access permissions for Internet Information Server (IIS) 5↗2004-09-01

▶