Executive Summary
Informations | |||
---|---|---|---|
Name | MS02-062 | First vendor Publication | N/A |
Vendor | Microsoft | Last vendor Modification | N/A |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cumulative Patch for Internet Information Service (Q327696) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1009 | |||
Oval ID: | oval:org.mitre.oval:def:1009 | ||
Title: | Windows XP IIS5 WebDAV Denial of Service | ||
Description: | IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2002-1182 | Version: | 2 |
Platform(s): | Microsoft Windows XP | Product(s): | Microsoft Internet Information Server (IIS) |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:1011 | |||
Oval ID: | oval:org.mitre.oval:def:1011 | ||
Title: | Windows 2000 IIS5 WebDAV Denial of Service | ||
Description: | IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2002-1182 | Version: | 2 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Information Server (IIS) |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:929 | |||
Oval ID: | oval:org.mitre.oval:def:929 | ||
Title: | Windows NT IIS Out of Process Privilege Elevation Vulnerability | ||
Description: | Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2002-0869 | Version: | 2 |
Platform(s): | Microsoft Windows NT | Product(s): | Microsoft Internet Information Server (IIS) |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:930 | |||
Oval ID: | oval:org.mitre.oval:def:930 | ||
Title: | Windows 2000 IIS Out of Process Privilege Elevation Vulnerability | ||
Description: | Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2002-0869 | Version: | 2 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Information Server (IIS) |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:931 | |||
Oval ID: | oval:org.mitre.oval:def:931 | ||
Title: | IIS5.0 Script Source Access Vulnerability | ||
Description: | A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2002-1180 | Version: | 2 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Information Server (IIS) |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:942 | |||
Oval ID: | oval:org.mitre.oval:def:942 | ||
Title: | Windows 2000 IIS Cross-site Scripting Vulnerabilities | ||
Description: | Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2002-1181 | Version: | 2 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Information Server (IIS) |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:944 | |||
Oval ID: | oval:org.mitre.oval:def:944 | ||
Title: | Windows NT IIS Cross-site Scripting Vulnerabilities | ||
Description: | Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2002-1181 | Version: | 2 |
Platform(s): | Microsoft Windows NT | Product(s): | Microsoft Internet Information Server (IIS) |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:983 | |||
Oval ID: | oval:org.mitre.oval:def:983 | ||
Title: | Windows XP IIS Out of Process Privilege Elevation Vulnerability | ||
Description: | Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2002-0869 | Version: | 2 |
Platform(s): | Microsoft Windows XP | Product(s): | Microsoft Internet Information Server (IIS) |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2005-11-03 | Name : Cumulative Patch for Internet Information Services (Q327696) File : nvt/smb_nt_ms02-018.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
17124 | Microsoft IIS Malformed WebDAV Request DoS |
17123 | Microsoft IIS Multiple Unspecified Admin Pages XSS |
17122 | Microsoft IIS Permission Weakness .COM File Upload |
771 | Microsoft IIS Hosting Process (dllhost.exe) Out of Process Application Unspec... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2002-04-23 | Name : Arbitrary code can be executed on the remote host through the web server. File : smb_nt_ms02-018.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:44:47 |
|