Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1744

4 documents4 sources

Severity

5.0MEDIUM

EPSS

67.3%

top 1.44%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Information Services

Timeline

PublishedDec 31

Latest updateApr 30

Description

Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 allows remote attackers to view source code and determine the existence of arbitrary files via a hex-encoded "%c0%ae%c0%ae" string, which is the Unicode representation for ".." (dot dot).

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/internet_information_services5.0

🔴Vulnerability Details

GHSA

GHSA-w6xh-hvr7-7x4x: Directory traversal vulnerability in CodeBrws↗2022-04-30

▶

CVEList

CVE-2002-1744: Directory traversal vulnerability in CodeBrws↗2005-06-21

▶

💥Exploits & PoCs

Exploit-DB

Microsoft IIS 5.0 - 'CodeBrws.asp' Source Code Disclosure↗2002-04-16

▶