VDB
CVE-2002-0364
CVE-2002-0364
PUBLISHED
CVSS 7.5 HIGH
Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."
EPSS 62.41% · 98.4th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
62.41%
98.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| microsoft | internet_information_services | 5.0 |
| microsoft | internet_information_server | 4.0 |
| n/a | n/a | n/a |
Exploit Intelligence
- 4855 (circl)
- MS02-028 (circl)
- VU#313819 (circl)
- 20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow (circl)
- iis-htr-chunked-encoding-bo(9327) (circl)
- 20020613 VNA - .HTR HEAP OVERFLOW (circl)
- 20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow [AD20020612] (circl)
- oval:org.mitre.oval:def:182 (circl)
- 20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow [AD20020612] (circl)
- oval:org.mitre.oval:def:29 (circl)
Timeline
- Jul 3, 2002 CVE Published
- Feb 4, 2022 EPSS Score
- Apr 30, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 27, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 17, 2023 EPSS Score
- May 26, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Sep 11, 2023 EPSS Score
References
- 4855 vdb
- MS02-028 vendor-advisory
- VU#313819 third-party-advisory
- 20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow mailing-list
- iis-htr-chunked-encoding-bo(9327) vdb
- 20020613 VNA - .HTR HEAP OVERFLOW mailing-list
- 20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow [AD20020612] mailing-list
- oval:org.mitre.oval:def:182 vdb
- 20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow [AD20020612] mailing-list
- oval:org.mitre.oval:def:29 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2002-0364 advisory