CVE-2002-1745

CWE-1933 documents3 sources
Severity
7.5HIGH
EPSS
10.2%
top 6.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Internet Information Services
Timeline
PublishedDec 31
Latest updateApr 30

Description

Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-jjmp-8hhm-x9wh: Off-by-one error in the CodeBrws2022-04-30
CVEList
CVE-2002-1745: Off-by-one error in the CodeBrws2005-06-21
CVE-2002-1745 (HIGH CVSS 7.5) | Off-by-one error in the CodeBrws.as | cvebase.io