Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2002-1180 | First vendor Publication | 2002-11-12 |
Vendor | Cve | Last vendor Modification | 2018-10-30 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability." |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1180 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:931 | |||
Oval ID: | oval:org.mitre.oval:def:931 | ||
Title: | IIS5.0 Script Source Access Vulnerability | ||
Description: | A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2002-1180 | Version: | 2 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Information Server (IIS) |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2005-11-03 | Name : Cumulative Patch for Internet Information Services (Q327696) File : nvt/smb_nt_ms02-018.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
17122 | Microsoft IIS Permission Weakness .COM File Upload |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2002-04-23 | Name : Arbitrary code can be executed on the remote host through the web server. File : smb_nt_ms02-018.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:01:46 |
|
2021-04-22 01:01:54 |
|
2020-05-23 00:15:06 |
|
2018-10-31 00:19:41 |
|
2018-10-13 00:22:26 |
|
2017-10-10 09:23:24 |
|
2016-06-28 15:00:17 |
|
2016-04-26 12:16:23 |
|
2014-02-17 10:25:08 |
|
2013-05-11 12:12:03 |
|