1. CVE-Search
  2. CVE-2002-1180
ID CVE-2002-1180
Summary A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
accepted 2005-02-16T12:00:00.000-04:00
class vulnerability
contributors
  • name Christine Walzer
    organization The MITRE Corporation
  • name Christine Walzer
    organization The MITRE Corporation
description A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."
family windows
id oval:org.mitre.oval:def:931
status accepted
submitted 2004-05-12T12:00:00.000-04:00
title IIS5.0 Script Source Access Vulnerability
version 65
refmap via4
bid
  • 6068
  • 6071
ciac N-011
xf iis-script-source-access-bypass(10504)
Last major update 30-10-2018 - 16:25
Published 12-11-2002 - 05:00
Last modified 30-10-2018 - 16:25
Back to Top