Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2002-0150 | First vendor Publication | 2002-04-22 |
Vendor | Cve | Last vendor Modification | 2020-11-23 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0150 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12124 | |||
Oval ID: | oval:org.mitre.oval:def:12124 | ||
Title: | Buffer Overrun in HTTP Header handling | ||
Description: | Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2002-0150 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows NT Microsoft Windows XP | Product(s): | Microsoft Internet Information Server (IIS) |
Definition Id: oval:org.mitre.oval:def:137 | |||
Oval ID: | oval:org.mitre.oval:def:137 | ||
Title: | DEPRECATED: Windows NT IIS HTTP Header Field Buffer Overflow | ||
Description: | Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2002-0150 | Version: | 3 |
Platform(s): | Microsoft Windows NT | Product(s): | Microsoft Internet Information Server (IIS) |
Definition Id: oval:org.mitre.oval:def:39 | |||
Oval ID: | oval:org.mitre.oval:def:39 | ||
Title: | DEPRECATED: Windows 2000 IIS HTTP Header Field Buffer Overflow | ||
Description: | Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2002-0150 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Information Server (IIS) |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 2 |
ExploitDB Exploits
id | Description |
---|---|
2010-04-30 | Microsoft IIS 4.0 .HTR Path Overflow |
OpenVAS Exploits
Date | Description |
---|---|
2012-07-04 | Name : Microsoft IIS FTP Connection Status Request Denial of Service Vulnerability File : nvt/gb_ms02-018_remote.nasl |
2005-11-03 | Name : IIS XSS via 404 error File : nvt/iis_xss_404.nasl |
2005-11-03 | Name : MSDTC denial of service by flooding with nul bytes File : nvt/msdtc_dos.nasl |
2005-11-03 | Name : Cumulative Patch for Internet Information Services (Q327696) File : nvt/smb_nt_ms02-018.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
3316 | Microsoft IIS HTTP Header Field Delimiter Overflow A remote overflow exists in how IIS processes HTTP header information. IIS performs a safety check to ensure that all header values are valid, however it is possible to spoof the results of the check and convince the application that delimiter fields are present when they are not. With a specially crafted URL, an attacker can cause either a DoS or the execution of arbitrary code, resulting in a loss of confidentiality, integrity, and/or availability. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | .cdx HTTP header buffer overflow attempt RuleID : 1804-community - Revision : 21 - Type : SERVER-IIS |
2014-01-10 | .cdx HTTP header buffer overflow attempt RuleID : 1804 - Revision : 21 - Type : SERVER-IIS |
2014-01-10 | .cer HTTP header buffer overflow attempt RuleID : 1803-community - Revision : 21 - Type : SERVER-IIS |
2014-01-10 | .cer HTTP header buffer overflow attempt RuleID : 1803 - Revision : 21 - Type : SERVER-IIS |
2014-01-10 | .asa HTTP header buffer overflow attempt RuleID : 1802-community - Revision : 20 - Type : SERVER-IIS |
2014-01-10 | .asa HTTP header buffer overflow attempt RuleID : 1802 - Revision : 20 - Type : SERVER-IIS |
2014-01-10 | .asp HTTP header buffer overflow attempt RuleID : 1801 - Revision : 15 - Type : WEB-IIS |
2014-01-10 | EXPLOIT STAT ? dos attempt RuleID : 1778-community - Revision : 18 - Type : PROTOCOL-FTP |
2014-01-10 | EXPLOIT STAT ? dos attempt RuleID : 1778 - Revision : 18 - Type : PROTOCOL-FTP |
2014-01-10 | EXPLOIT STAT asterisk dos attempt RuleID : 1777-community - Revision : 19 - Type : PROTOCOL-FTP |
2014-01-10 | EXPLOIT STAT asterisk dos attempt RuleID : 1777 - Revision : 19 - Type : PROTOCOL-FTP |
2014-01-10 | header field buffer overflow attempt RuleID : 1768 - Revision : 8 - Type : WEB-IIS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2002-06-13 | Name : The remote web server is affected by a buffer overflow vulnerability. File : iis_htr_overflow.nasl - Type : ACT_DESTRUCTIVE_ATTACK |
2002-04-23 | Name : Arbitrary code can be executed on the remote host through the web server. File : smb_nt_ms02-018.nasl - Type : ACT_GATHER_INFO |
2002-04-20 | Name : The remote service is prone to a denial of service attack. File : msdtc_dos.nasl - Type : ACT_DENIAL |
2002-04-11 | Name : The remote web server is affected by a denial of service vulnerability. File : iis_frontpage_dos.nasl - Type : ACT_DENIAL |
2002-04-11 | Name : The remote web server is affected by multiple vulnerabilities. File : iis_xss_404.nasl - Type : ACT_GATHER_INFO |
2002-04-10 | Name : The remote web server is affected by multiple buffer overflow vulnerabilities. File : iis_asp_overflow.nasl - Type : ACT_DESTRUCTIVE_ATTACK |
2002-04-10 | Name : The remote web server is affected by a buffer overflow vulnerability. File : iis_htr_isapi.nasl - Type : ACT_GATHER_INFO |
2002-04-10 | Name : The remote FTP server is prone to a denial of service attack. File : msftp_dos.nasl - Type : ACT_DENIAL |
1999-06-22 | Name : The remote web server is affected by a remote buffer overflow vulnerability. File : iis_buffer_overflow.nasl - Type : ACT_MIXED_ATTACK |
Alert History
Date | Information |
---|---|
2024-02-02 01:01:56 | |
2024-02-01 12:01:20 | |
2023-09-05 12:01:51 | |
2023-09-05 01:01:11 | |
2023-09-02 12:01:52 | |
2023-09-02 01:01:11 | |
2023-08-12 12:02:14 | |
2023-08-12 01:01:12 | |
2023-08-11 12:01:56 | |
2023-08-11 01:01:13 | |
2023-08-06 12:01:47 | |
2023-08-06 01:01:12 | |
2023-08-04 12:01:51 | |
2023-08-04 01:01:12 | |
2023-07-14 12:01:49 | |
2023-07-14 01:01:13 | |
2023-03-29 01:01:48 | |
2023-03-28 12:01:18 | |
2022-10-11 12:01:38 | |
2022-10-11 01:01:05 | |
2021-05-04 12:01:37 | |
2021-04-22 01:01:45 | |
2020-11-24 09:22:42 | |
2020-11-24 00:22:45 | |
2020-05-23 00:14:54 | |
2018-10-31 00:19:41 | |
2018-10-13 00:22:25 | |
2017-10-10 09:23:24 | |
2016-06-28 14:58:18 | |
2016-04-26 12:06:17 | |
2014-02-17 10:24:30 | |
2014-01-19 21:21:37 | |
2013-05-11 12:08:19 | |