CVE-2002-0071 — Vulnetix

CVE-2002-0071 PUBLISHED CVSS 7.5 HIGH

Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.

EPSS 69.49% · 98.7th percentile

Risk Scores

CVSS 2.0

7.5

EPSS Score

69.49%

98.7th percentile

Affected Products

Vendor	Product	Versions
microsoft	internet_information_server	4.0
microsoft	internet_information_services	5.0
n/a	n/a	*

Exploit Intelligence

SERVER-APACHE Apache Chunked-Encoding worm attempt [disabled] (vulnetix)
SERVER-APACHE Apache Chunked-Encoding worm attempt [disabled] (vulnetix)
SERVER-APACHE Apache Chunked-Encoding worm attempt [disabled] (vulnetix)
SERVER-APACHE Apache Chunked-Encoding worm attempt [disabled] (vulnetix)
SERVER-APACHE Apache Chunked-Encoding worm attempt [disabled] (community-snort)
SERVER-APACHE Apache Chunked-Encoding worm attempt [disabled] (community-snort)
SERVER-APACHE Apache Chunked-Encoding worm attempt [disabled] (community-snort)
SERVER-APACHE Apache Chunked-Encoding worm attempt [disabled] (community-snort)
4474 (circl)
CA-2002-09 (circl)

…and 11 more exploits

Timeline

CVE Published
Sep 23, 2010 PoC Published
Feb 4, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Oct 27, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Mar 7, 2023 EPSS Score
May 26, 2023 EPSS Score
Jul 17, 2023 EPSS Score
Sep 11, 2023 EPSS Score
Oct 31, 2023 EPSS Score

References

oval:org.mitre.oval:def:45 vdb
oval:org.mitre.oval:def:130 vdb
3325 vdb
A041002-1 vendor-advisory
20020411 KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun mailing-list
4474 vdb
VU#363715 third-party-advisory
MS02-018 vendor-advisory
iis-htr-isapi-bo(8799) vdb
CA-2002-09 third-party-advisory
20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2002-0071 advisory

Open in Interactive Console →