Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0364

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0364
Last Modified 10 Sep 2008 08:01:01
Published 03 Jul 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0364

Summary

Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."

Vulnerable Systems

Application

  • Microsoft Internet Information Server 4.0

  • Microsoft Internet Information Server 5.0


References

CERT-VN - VU#313819

MS - MS02-028

BUGTRAQ - 20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow [AD20020612]

BID - 4855

XF - iis-htr-chunked-encoding-bo(9327)

BUGTRAQ - 20020613 VNA - .HTR HEAP OVERFLOW

NTBUGTRAQ - 20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow


Last Updated: 27 May 2016 10:36:53