CVE-2002-1717

CWE-200Information Exposure4 documents4 sources
Severity
5.0MEDIUM
EPSS
15.0%
top 5.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Internet Information Services
Timeline
PublishedDec 31
Latest updateApr 30

Description

Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via a GET request to (1) /_vti_pvt/access.cnf, (2) /_vti_pvt/botinfs.cnf, (3) /_vti_pvt/bots.cnf, or (4) /_vti_pvt/linkinfo.cnf.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-wmqv-9v3f-m3pr: Microsoft Internet Information Server (IIS) 52022-04-30
CVEList
CVE-2002-1717: Microsoft Internet Information Server (IIS) 52005-06-21

📋Vendor Advisories

1
Red Hat
CVE-2004-1717: Multiple buffer overflows in the psscan function in ps
CVE-2002-1717 (MEDIUM CVSS 5) | Microsoft Internet Information Serv | cvebase.io