Executive Summary
Informations | |||
---|---|---|---|
Name | MS02-028 | First vendor Publication | N/A |
Vendor | Microsoft | Last vendor Modification | N/A |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise (Q321599) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:182 | |||
Oval ID: | oval:org.mitre.oval:def:182 | ||
Title: | Windows NT IIS Heap Overrun in HTR Chunked Encoding | ||
Description: | Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2002-0364 | Version: | 2 |
Platform(s): | Microsoft Windows NT | Product(s): | Microsoft Internet Information Server (IIS) |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:29 | |||
Oval ID: | oval:org.mitre.oval:def:29 | ||
Title: | Windows 2000 IIS Heap Overrun in HTR Chunked Encoding | ||
Description: | Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2002-0364 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Information Server (IIS) |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 |
SAINT Exploits
Description | Link |
---|---|
Microsoft IIS .HTR ISAPI chunked encoding buffer overflow | More info here |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
5316 | Microsoft IIS ISAPI HTR Chunked Encoding Overflow |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | .htr chunked Transfer-Encoding RuleID : 1806-community - Revision : 20 - Type : SERVER-IIS |
2014-01-10 | .htr chunked Transfer-Encoding RuleID : 1806 - Revision : 20 - Type : SERVER-IIS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2002-06-13 | Name : The remote web server is affected by a buffer overflow vulnerability. File : iis_htr_overflow.nasl - Type : ACT_DESTRUCTIVE_ATTACK |
Alert History
Date | Informations |
---|---|
2014-02-17 11:44:42 |
|