Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2002-0073 | First vendor Publication | 2002-04-22 |
| Vendor | Cve | Last vendor Modification | 2020-11-23 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0073 |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:12490 | |||
| Oval ID: | oval:org.mitre.oval:def:12490 | ||
| Title: | Denial of service via FTP status request | ||
| Description: | The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0073 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows NT Microsoft Windows XP | Product(s): | Microsoft Internet Information Server (IIS) |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24 | |||
| Oval ID: | oval:org.mitre.oval:def:24 | ||
| Title: | DEPRECATED: Windows NT IIS FTP Connection Status Request Denial of Service | ||
| Description: | The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0073 | Version: | 3 |
| Platform(s): | Microsoft Windows NT | Product(s): | FTP |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:35 | |||
| Oval ID: | oval:org.mitre.oval:def:35 | ||
| Title: | DEPRECATED: Windows 2000 IIS FTP Connection Status Request Denial of Service | ||
| Description: | The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0073 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 | Product(s): | FTP |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 2 |
ExploitDB Exploits
| id | Description |
|---|---|
| 2010-04-30 | Microsoft IIS 4.0 .HTR Path Overflow |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-07-04 | Name : Microsoft IIS FTP Connection Status Request Denial of Service Vulnerability File : nvt/gb_ms02-018_remote.nasl |
| 2005-11-03 | Name : IIS XSS via 404 error File : nvt/iis_xss_404.nasl |
| 2005-11-03 | Name : MSDTC denial of service by flooding with nul bytes File : nvt/msdtc_dos.nasl |
| 2005-11-03 | Name : Cumulative Patch for Internet Information Services (Q327696) File : nvt/smb_nt_ms02-018.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 3328 | Microsoft IIS FTP Status Request DoS IIS contains a flaw that may allow a remote denial of service. The issue is triggered by a status request which creates an error condition which is not correctly reported. Other FTP daemon code will attempt to utilize the uninitialized data which causes an access violation. This results not only in loss of availability for the FTP service, but other web services as well. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | .cdx HTTP header buffer overflow attempt RuleID : 1804-community - Revision : 21 - Type : SERVER-IIS |
| 2014-01-10 | .cdx HTTP header buffer overflow attempt RuleID : 1804 - Revision : 21 - Type : SERVER-IIS |
| 2014-01-10 | .cer HTTP header buffer overflow attempt RuleID : 1803-community - Revision : 21 - Type : SERVER-IIS |
| 2014-01-10 | .cer HTTP header buffer overflow attempt RuleID : 1803 - Revision : 21 - Type : SERVER-IIS |
| 2014-01-10 | .asa HTTP header buffer overflow attempt RuleID : 1802-community - Revision : 20 - Type : SERVER-IIS |
| 2014-01-10 | .asa HTTP header buffer overflow attempt RuleID : 1802 - Revision : 20 - Type : SERVER-IIS |
| 2014-01-10 | .asp HTTP header buffer overflow attempt RuleID : 1801 - Revision : 15 - Type : WEB-IIS |
| 2014-01-10 | EXPLOIT STAT ? dos attempt RuleID : 1778-community - Revision : 18 - Type : PROTOCOL-FTP |
| 2014-01-10 | EXPLOIT STAT ? dos attempt RuleID : 1778 - Revision : 18 - Type : PROTOCOL-FTP |
| 2014-01-10 | EXPLOIT STAT asterisk dos attempt RuleID : 1777-community - Revision : 19 - Type : PROTOCOL-FTP |
| 2014-01-10 | EXPLOIT STAT asterisk dos attempt RuleID : 1777 - Revision : 19 - Type : PROTOCOL-FTP |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2002-06-13 | Name : The remote web server is affected by a buffer overflow vulnerability. File : iis_htr_overflow.nasl - Type : ACT_DESTRUCTIVE_ATTACK |
| 2002-04-23 | Name : Arbitrary code can be executed on the remote host through the web server. File : smb_nt_ms02-018.nasl - Type : ACT_GATHER_INFO |
| 2002-04-20 | Name : The remote service is prone to a denial of service attack. File : msdtc_dos.nasl - Type : ACT_DENIAL |
| 2002-04-11 | Name : The remote web server is affected by a denial of service vulnerability. File : iis_frontpage_dos.nasl - Type : ACT_DENIAL |
| 2002-04-11 | Name : The remote web server is affected by multiple vulnerabilities. File : iis_xss_404.nasl - Type : ACT_GATHER_INFO |
| 2002-04-10 | Name : The remote web server is affected by multiple buffer overflow vulnerabilities. File : iis_asp_overflow.nasl - Type : ACT_DESTRUCTIVE_ATTACK |
| 2002-04-10 | Name : The remote web server is affected by a buffer overflow vulnerability. File : iis_htr_isapi.nasl - Type : ACT_GATHER_INFO |
| 2002-04-10 | Name : The remote FTP server is prone to a denial of service attack. File : msftp_dos.nasl - Type : ACT_DENIAL |
| 1999-06-22 | Name : The remote web server is affected by a remote buffer overflow vulnerability. File : iis_buffer_overflow.nasl - Type : ACT_MIXED_ATTACK |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-02-02 01:01:56 |
|
| 2024-02-01 12:01:20 |
|
| 2023-09-05 12:01:51 |
|
| 2023-09-05 01:01:11 |
|
| 2023-09-02 12:01:52 |
|
| 2023-09-02 01:01:11 |
|
| 2023-08-12 12:02:13 |
|
| 2023-08-12 01:01:11 |
|
| 2023-08-11 12:01:56 |
|
| 2023-08-11 01:01:12 |
|
| 2023-08-06 12:01:47 |
|
| 2023-08-06 01:01:12 |
|
| 2023-08-04 12:01:50 |
|
| 2023-08-04 01:01:12 |
|
| 2023-07-14 12:01:49 |
|
| 2023-07-14 01:01:12 |
|
| 2023-03-29 01:01:48 |
|
| 2023-03-28 12:01:17 |
|
| 2022-10-11 12:01:37 |
|
| 2022-10-11 01:01:05 |
|
| 2021-05-04 12:01:36 |
|
| 2021-04-22 01:01:44 |
|
| 2020-11-24 09:22:42 |
|
| 2020-11-24 00:22:45 |
|
| 2020-05-23 00:14:53 |
|
| 2018-10-31 00:19:41 |
|
| 2018-10-13 00:22:24 |
|
| 2017-10-10 09:23:24 |
|
| 2016-10-18 12:00:59 |
|
| 2016-06-28 14:58:09 |
|
| 2016-04-26 12:05:33 |
|
| 2014-02-17 10:24:27 |
|
| 2014-01-19 21:21:37 |
|
| 2013-05-11 12:08:02 |
|
