Oval Definition:oval:org.mitre.oval:def:12008
Revision Date:2011-02-21Version:21
Title:Cross-site Scripting in HTTP Error Page
Description:Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2002-0148
Platform(s):Microsoft Windows 2000
Microsoft Windows NT
Microsoft Windows XP
Product(s):Microsoft Internet Information Server (IIS)
Definition Synopsis
  • vulnerable IIS 4.0 on Windows NT
  • Microsoft Windows NT is installed
  • AND Microsoft IIS 4.0 is installed
  • AND the version of w3svc.dll is less than 4.2.775.1
  • AND FTP Enabled
  • OR vulnerable IIS 5.0 on Windows 2000
  • Microsoft Windows 2000 is installed
  • AND Microsoft IIS 5.0 is installed
  • AND the version of w3svc.dll is less than 5.0.2195.5269
  • AND FTP Enabled
  • OR vulnerable IIS 5.1 on Windows XP
  • Microsoft Windows XP is installed
  • AND Microsoft IIS 5.1 is installed
  • AND the version of w3svc.dll is less than 5.1.2600.41
  • AND FTP Enabled
  • BACK