CVE-2002-1908

3 documents3 sources

Severity

5.0MEDIUM

EPSS

11.5%

top 6.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Information Services

Timeline

PublishedDec 31

Latest updateApr 30

Description

Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with a Host header that contains a large number of "/" (forward slash) characters.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/internet_information_services5.0

Patches

Patch: www.securiteam.com ↗Patch: www.securiteam.com ↗

🔴Vulnerability Details

GHSA

GHSA-g3q8-m2f7-hmq4: Microsoft IIS 5↗2022-04-30

▶

CVEList

CVE-2002-1908: Microsoft IIS 5↗2005-06-28

▶