Executive Summary
| Informations | |||
|---|---|---|---|
| Name | MS02-018 | First vendor Publication | N/A |
| Vendor | Microsoft | Last vendor Modification | N/A |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Cumulative Patch for Internet Information Service (Q319733) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:12008 | |||
| Oval ID: | oval:org.mitre.oval:def:12008 | ||
| Title: | Cross-site Scripting in HTTP Error Page | ||
| Description: | Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0148 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows NT Microsoft Windows XP | Product(s): | Microsoft Internet Information Server (IIS) |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12124 | |||
| Oval ID: | oval:org.mitre.oval:def:12124 | ||
| Title: | Buffer Overrun in HTTP Header handling | ||
| Description: | Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0150 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows NT Microsoft Windows XP | Product(s): | Microsoft Internet Information Server (IIS) |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12307 | |||
| Oval ID: | oval:org.mitre.oval:def:12307 | ||
| Title: | Microsoft-discovered variant of Chunked Encoding buffer overrun | ||
| Description: | Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0147 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows NT Microsoft Windows XP | Product(s): | Microsoft Internet Information Server (IIS) |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12315 | |||
| Oval ID: | oval:org.mitre.oval:def:12315 | ||
| Title: | Access violation in URL error handling | ||
| Description: | The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0072 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows NT Microsoft Windows XP | Product(s): | Microsoft Internet Information Server (IIS) |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12346 | |||
| Oval ID: | oval:org.mitre.oval:def:12346 | ||
| Title: | Cross-site Scripting in Redirect Response message | ||
| Description: | Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0075 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows NT Microsoft Windows XP | Product(s): | Microsoft Internet Information Server (IIS) |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12356 | |||
| Oval ID: | oval:org.mitre.oval:def:12356 | ||
| Title: | Cross-site Scripting in IIS Help File search facility | ||
| Description: | Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0074 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows NT Microsoft Windows XP | Product(s): | Microsoft Internet Information Server (IIS) |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12407 | |||
| Oval ID: | oval:org.mitre.oval:def:12407 | ||
| Title: | Buffer Overrun in ASP Server-Side Include Function | ||
| Description: | Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0149 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows NT Microsoft Windows XP | Product(s): | Microsoft Internet Information Server (IIS) |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12413 | |||
| Oval ID: | oval:org.mitre.oval:def:12413 | ||
| Title: | Buffer overrun in HTR ISAPI extension | ||
| Description: | Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0071 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows NT | Product(s): | Microsoft Internet Information Server (IIS) |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12490 | |||
| Oval ID: | oval:org.mitre.oval:def:12490 | ||
| Title: | Denial of service via FTP status request | ||
| Description: | The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0073 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows NT Microsoft Windows XP | Product(s): | Microsoft Internet Information Server (IIS) |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12501 | |||
| Oval ID: | oval:org.mitre.oval:def:12501 | ||
| Title: | Buffer overrun in Chunked Encoding mechanism | ||
| Description: | Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0079 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows NT | Product(s): | Microsoft Internet Information Server (IIS) |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:130 | |||
| Oval ID: | oval:org.mitre.oval:def:130 | ||
| Title: | DEPRECATED: Windows 2000 HTR ISAPI Buffer Overflow | ||
| Description: | Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0071 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Information Server (IIS) |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:132 | |||
| Oval ID: | oval:org.mitre.oval:def:132 | ||
| Title: | DEPRECATED: Windows NT IIS ASP Server-Side Include Function Buffer Overflow | ||
| Description: | Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0149 | Version: | 3 |
| Platform(s): | Microsoft Windows NT | Product(s): | Microsoft Internet Information Server (IIS) |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:137 | |||
| Oval ID: | oval:org.mitre.oval:def:137 | ||
| Title: | DEPRECATED: Windows NT IIS HTTP Header Field Buffer Overflow | ||
| Description: | Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0150 | Version: | 3 |
| Platform(s): | Microsoft Windows NT | Product(s): | Microsoft Internet Information Server (IIS) |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16 | |||
| Oval ID: | oval:org.mitre.oval:def:16 | ||
| Title: | DEPRECATED: Windows NT IIS Chunked Encoding Buffer Overflow | ||
| Description: | Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0079 | Version: | 3 |
| Platform(s): | Microsoft Windows NT | Product(s): | Microsoft Internet Information Server (IIS) |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:210 | |||
| Oval ID: | oval:org.mitre.oval:def:210 | ||
| Title: | DEPRECATED: Windows 2000 IIS HTTP Redirect Error Message Cross-site Scripting | ||
| Description: | Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0075 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Information Server (IIS) |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22 | |||
| Oval ID: | oval:org.mitre.oval:def:22 | ||
| Title: | DEPRECATED: Windows 2000 Variant of Chunked Encoding Buffer Overrun | ||
| Description: | Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0147 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Information Server (IIS) |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24 | |||
| Oval ID: | oval:org.mitre.oval:def:24 | ||
| Title: | DEPRECATED: Windows NT IIS FTP Connection Status Request Denial of Service | ||
| Description: | The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0073 | Version: | 3 |
| Platform(s): | Microsoft Windows NT | Product(s): | FTP |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:25 | |||
| Oval ID: | oval:org.mitre.oval:def:25 | ||
| Title: | DEPRECATED: Windows 2000 IIS Chunked Encoding Buffer Overflow | ||
| Description: | Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0079 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Information Server (IIS) |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:35 | |||
| Oval ID: | oval:org.mitre.oval:def:35 | ||
| Title: | DEPRECATED: Windows 2000 IIS FTP Connection Status Request Denial of Service | ||
| Description: | The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0073 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 | Product(s): | FTP |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:39 | |||
| Oval ID: | oval:org.mitre.oval:def:39 | ||
| Title: | DEPRECATED: Windows 2000 IIS HTTP Header Field Buffer Overflow | ||
| Description: | Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0150 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Information Server (IIS) |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:45 | |||
| Oval ID: | oval:org.mitre.oval:def:45 | ||
| Title: | DEPRECATED: Windows NT HTR ISAPI Buffer Overflow | ||
| Description: | Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0071 | Version: | 3 |
| Platform(s): | Microsoft Windows NT | Product(s): | Microsoft Internet Information Server (IIS) |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:46 | |||
| Oval ID: | oval:org.mitre.oval:def:46 | ||
| Title: | DEPRECATED: IIS Help File Search Cross-site Scripting | ||
| Description: | Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0074 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Information Server (IIS) |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:58 | |||
| Oval ID: | oval:org.mitre.oval:def:58 | ||
| Title: | DEPRECATED: Windows NT IIS HTTP Redirect Error Message Cross-site Scripting | ||
| Description: | Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0075 | Version: | 2 |
| Platform(s): | Microsoft Windows NT | Product(s): | Microsoft Internet Information Server (IIS) |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:72 | |||
| Oval ID: | oval:org.mitre.oval:def:72 | ||
| Title: | DEPRECATED: Windows NT Variant of Chunked Encoding Buffer Overrun | ||
| Description: | Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0147 | Version: | 3 |
| Platform(s): | Microsoft Windows NT | Product(s): | Microsoft Internet Information Server (IIS) |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:81 | |||
| Oval ID: | oval:org.mitre.oval:def:81 | ||
| Title: | DEPRECATED: Windows NT IIS HTTP Error Page Cross-site Scripting | ||
| Description: | Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0148 | Version: | 2 |
| Platform(s): | Microsoft Windows NT | Product(s): | Microsoft Internet Information Server (IIS) |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:92 | |||
| Oval ID: | oval:org.mitre.oval:def:92 | ||
| Title: | DEPRECATED: Windows 2000 IIS HTTP Error Page Cross-site Scripting | ||
| Description: | Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0148 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Information Server (IIS) |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:95 | |||
| Oval ID: | oval:org.mitre.oval:def:95 | ||
| Title: | DEPRECATED: Windows 2000 IIS ASP Server-Side Include Function Buffer Overflow | ||
| Description: | Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2002-0149 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Information Server (IIS) |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 2 |
SAINT Exploits
| Description | Link |
|---|---|
| Microsoft IIS ASP chunked encoding buffer overflow | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 2010-04-30 | Microsoft IIS 4.0 .HTR Path Overflow |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-07-04 | Name : Microsoft IIS FTP Connection Status Request Denial of Service Vulnerability File : nvt/gb_ms02-018_remote.nasl |
| 2005-11-03 | Name : IIS XSS via 404 error File : nvt/iis_xss_404.nasl |
| 2005-11-03 | Name : MSDTC denial of service by flooding with nul bytes File : nvt/msdtc_dos.nasl |
| 2005-11-03 | Name : Cumulative Patch for Internet Information Services (Q327696) File : nvt/smb_nt_ms02-018.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 3341 | Microsoft IIS Redirect Response XSS IIS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the results returned when when a requested URL has been redirected. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 3339 | Microsoft IIS HTTP Error Page XSS IIS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the results returned when an error message is created (i.e. 404). This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 3338 | Microsoft IIS Help File XSS IIS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the results page returned when searching IIS Help Files. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 3328 | Microsoft IIS FTP Status Request DoS IIS contains a flaw that may allow a remote denial of service. The issue is triggered by a status request which creates an error condition which is not correctly reported. Other FTP daemon code will attempt to utilize the uninitialized data which causes an access violation. This results not only in loss of availability for the FTP service, but other web services as well. |
| 3326 | Microsoft IIS w3svc.dll ISAPI Filter URL Handling Remote DoS IIS contains a flaw that may allow a remote denial of service. The issue is caused by an ISAPI filter which generates an error upon receiving a URL request that is too large. Exploitation of this vulnerability will result in loss of availability for the IIS service. |
| 3325 | Microsoft IIS HTR ISAPI Overflow A remote overflow exists in the Internet Services Application Programming Interface (ISAPI) ISM.DLL extensions used in HTR scripting. With a specially crafted URL, an attacker can cause either a DoS or the execution of arbitrary code, resulting in a loss of confidentiality, integrity, and/or availability. |
| 3320 | Microsoft IIS ASP Server-Side Include Buffer Overflow A remote overflow exists in a safety check that IIS perfoms during server-side includes (SSI). IIS performs this safety check to ensure that a client-specified file is valid. It is possible to specify an invalid filename in such a way that bypasses the safety check. With a specially crafted URL, an attacker can cause either a DoS or the execution of arbitrary code, resulting in a loss of confidentiality, integrity, and/or availability. |
| 3316 | Microsoft IIS HTTP Header Field Delimiter Overflow A remote overflow exists in how IIS processes HTTP header information. IIS performs a safety check to ensure that all header values are valid, however it is possible to spoof the results of the check and convince the application that delimiter fields are present when they are not. With a specially crafted URL, an attacker can cause either a DoS or the execution of arbitrary code, resulting in a loss of confidentiality, integrity, and/or availability. |
| 3301 | Microsoft IIS ASP Chunked Encoding Variant Heap Overflow A remote overflow exists in IIS Active Server Pages (ASP). IIS fails to allocate the proper size buffer resulting in a heap-based overflow. With a specially crafted request, an attacker can cause either a DoS or execution of arbitrary code, resulting in a loss of confidentiality, integrity, and/or availability. |
| 768 | Microsoft IIS ASP Chunked Encoding Heap Overflow A remote overflow exists in IIS Active Server Pages (ASP). IIS fails to allocate the proper size buffer resulting in a heap-based overflow. With a specially crafted request, an attacker can cause either a DoS or the execution of arbitrary code, resulting in a loss of confidentiality, integrity, and/or availability. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-07-10 | Apache Chunked-Encoding worm attempt RuleID : 31405-community - Revision : 2 - Type : SERVER-APACHE |
| 2014-11-16 | Apache Chunked-Encoding worm attempt RuleID : 31405 - Revision : 2 - Type : SERVER-APACHE |
| 2014-01-10 | Apache Chunked-Encoding worm attempt RuleID : 1809-community - Revision : 19 - Type : SERVER-APACHE |
| 2014-01-10 | Apache Chunked-Encoding worm attempt RuleID : 1809 - Revision : 19 - Type : SERVER-APACHE |
| 2014-01-10 | Chunked-Encoding transfer with no data attempt RuleID : 1807-community - Revision : 26 - Type : POLICY-OTHER |
| 2014-01-10 | Chunked-Encoding transfer with no data attempt RuleID : 1807 - Revision : 24 - Type : POLICY-OTHER |
| 2014-01-10 | .cdx HTTP header buffer overflow attempt RuleID : 1804-community - Revision : 21 - Type : SERVER-IIS |
| 2014-01-10 | .cdx HTTP header buffer overflow attempt RuleID : 1804 - Revision : 21 - Type : SERVER-IIS |
| 2014-01-10 | .cer HTTP header buffer overflow attempt RuleID : 1803-community - Revision : 21 - Type : SERVER-IIS |
| 2014-01-10 | .cer HTTP header buffer overflow attempt RuleID : 1803 - Revision : 21 - Type : SERVER-IIS |
| 2014-01-10 | .asa HTTP header buffer overflow attempt RuleID : 1802-community - Revision : 20 - Type : SERVER-IIS |
| 2014-01-10 | .asa HTTP header buffer overflow attempt RuleID : 1802 - Revision : 20 - Type : SERVER-IIS |
| 2014-01-10 | .asp HTTP header buffer overflow attempt RuleID : 1801 - Revision : 15 - Type : WEB-IIS |
| 2014-01-10 | EXPLOIT STAT ? dos attempt RuleID : 1778-community - Revision : 18 - Type : PROTOCOL-FTP |
| 2014-01-10 | EXPLOIT STAT ? dos attempt RuleID : 1778 - Revision : 18 - Type : PROTOCOL-FTP |
| 2014-01-10 | EXPLOIT STAT asterisk dos attempt RuleID : 1777-community - Revision : 19 - Type : PROTOCOL-FTP |
| 2014-01-10 | EXPLOIT STAT asterisk dos attempt RuleID : 1777 - Revision : 19 - Type : PROTOCOL-FTP |
| 2014-01-10 | header field buffer overflow attempt RuleID : 1768 - Revision : 8 - Type : WEB-IIS |
| 2014-01-10 | Generic HyperLink buffer overflow attempt RuleID : 17410 - Revision : 27 - Type : OS-WINDOWS |
| 2014-01-10 | WEB-IIS .htr request RuleID : 1619 - Revision : 10 - Type : EXPERIMENTAL |
| 2014-01-10 | .asp chunked Transfer-Encoding RuleID : 1618-community - Revision : 26 - Type : SERVER-IIS |
| 2014-01-10 | .asp chunked Transfer-Encoding RuleID : 1618 - Revision : 26 - Type : SERVER-IIS |
Metasploit Database
| id | Description |
|---|---|
| 2002-04-10 | MS02-018 Microsoft IIS 4.0 .HTR Path Overflow |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2002-06-13 | Name : The remote web server is affected by a buffer overflow vulnerability. File : iis_htr_overflow.nasl - Type : ACT_DESTRUCTIVE_ATTACK |
| 2002-04-23 | Name : Arbitrary code can be executed on the remote host through the web server. File : smb_nt_ms02-018.nasl - Type : ACT_GATHER_INFO |
| 2002-04-20 | Name : The remote service is prone to a denial of service attack. File : msdtc_dos.nasl - Type : ACT_DENIAL |
| 2002-04-11 | Name : The remote web server is affected by a denial of service vulnerability. File : iis_frontpage_dos.nasl - Type : ACT_DENIAL |
| 2002-04-11 | Name : The remote web server is affected by multiple vulnerabilities. File : iis_xss_404.nasl - Type : ACT_GATHER_INFO |
| 2002-04-10 | Name : The remote web server is affected by multiple buffer overflow vulnerabilities. File : iis_asp_overflow.nasl - Type : ACT_DESTRUCTIVE_ATTACK |
| 2002-04-10 | Name : The remote web server is affected by a buffer overflow vulnerability. File : iis_htr_isapi.nasl - Type : ACT_GATHER_INFO |
| 2002-04-10 | Name : The remote FTP server is prone to a denial of service attack. File : msftp_dos.nasl - Type : ACT_DENIAL |
| 1999-06-22 | Name : The remote web server is affected by a remote buffer overflow vulnerability. File : iis_buffer_overflow.nasl - Type : ACT_MIXED_ATTACK |
Alert History
| Date | Informations |
|---|---|
| 2020-05-23 13:17:11 |
|
| 2016-03-11 00:24:31 |
|
| 2016-03-10 21:23:55 |
|
| 2014-04-01 14:39:30 |
|
| 2014-02-17 11:44:40 |
|
| 2014-01-19 21:29:46 |
|
