CVE-2002-2081

3 documents3 sources

Severity

5.0MEDIUM

EPSS

15.0%

top 5.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Site Server Microsoft Site Server Commerce

Timeline

PublishedDec 31

Latest updateApr 30

Description

cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmicrosoft/site_server3.0

▶NVDmicrosoft/site3.0

🔴Vulnerability Details

GHSA

GHSA-737h-px7x-jjwj: cphost↗2022-04-30

▶

CVEList

CVE-2002-2081: cphost↗2005-07-14

▶