CVE-2002-0072 - The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Serv

CVE-2002-0072

Summary

The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer.

References

Vulnerable Configurations

cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 23-11-2020 - 19:49)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	4479
bugtraq	20020411 KPMG-2002009: Microsoft IIS W3SVC Denial of Service
cert	CA-2002-09
cert-vn	VU#521059
cisco	20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
osvdb	3326
xf	iis-isapi-filter-error-dos(8800)

Last major update

23-11-2020 - 19:49

Published

22-04-2002 - 04:00

Last modified

23-11-2020 - 19:49