Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1181

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2002-1181
Last Modified 10 Sep 2008 03:14:00
Published 12 Nov 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2002-1181

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors.

Vulnerable Systems

Application

  • Microsoft Internet Information Server 4.0

  • Microsoft Internet Information Server 5.0

  • Microsoft Internet Information Server 5.1


References

MS - MS02-062

XF - iis-admin-pages-xss(10501)

BID - 6072

BID - 6068

MISC - http://www.lac.co.jp/security/intelligence/SNSAdvisory/58.html

CIAC - N-011

BUGTRAQ - 20021105 [SNS Advisory No.58] Microsoft IIS Local Cross-site Scripting Vulnerability


Last Updated: 27 May 2016 10:37:14