Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1790

4 documents4 sources
Severity
5.0MEDIUM
EPSS
34.7%
top 2.99%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Microsoft Exchange ServerMicrosoft Internet Information ServerMicrosoft Internet Information Services
Timeline
PublishedDec 31
Latest updateApr 30

Description

The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-q27r-qgw3-47hx: The SMTP service in Microsoft Internet Information Services (IIS) 42022-04-30
CVEList
CVE-2002-1790: The SMTP service in Microsoft Internet Information Services (IIS) 42005-06-28

💥Exploits & PoCs

1
Exploit-DB
Microsoft IIS 4.0/5.0 - SMTP Service Encapsulated SMTP Address (MS99-027)2002-07-12
CVE-2002-1790 (MEDIUM CVSS 5) | The SMTP service in Microsoft Inter | cvebase.io