CVE-2002-0147 — Vulnetix

CVE-2002-0147 PUBLISHED CVSS 7.5 HIGH

Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun."

EPSS 40.10% · 97.4th percentile

Risk Scores

CVSS 2.0

7.5

EPSS Score

40.10%

97.4th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
microsoft	internet_information_services	5.0
microsoft	internet_information_server	4.0

Exploit Intelligence

iis-asp-data-transfer-bo(8796) (circl)
4490 (circl)
oval:org.mitre.oval:def:72 (circl)
MS02-018 (circl)
3301 (circl)
VU#669779 (circl)
oval:org.mitre.oval:def:22 (circl)
CA-2002-09 (circl)
20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018 (circl)

Timeline

Apr 22, 2002 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
Apr 30, 2022 CVE Updated
Jul 12, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Apr 3, 2023 EPSS Score
May 26, 2023 EPSS Score
Sep 8, 2023 EPSS Score
Oct 31, 2023 EPSS Score

References

iis-asp-data-transfer-bo(8796) vdb
4490 vdb
oval:org.mitre.oval:def:72 vdb
MS02-018 vendor-advisory
3301 vdb
VU#669779 third-party-advisory
oval:org.mitre.oval:def:22 vdb
CA-2002-09 third-party-advisory
20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2002-0147 advisory

Open in Interactive Console →