| Vulnerability Name: | CVE-2002-0364 (CCN-9327) | ||||||||||||
| Assigned: | 2002-05-27 | ||||||||||||
| Published: | 2002-05-27 | ||||||||||||
| Updated: | 2018-10-30 | ||||||||||||
| Summary: | Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise." | ||||||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Thu Jun 13 2002 - 14:32:45 CDT VNA - .HTR HEAP OVERFLOW Source: VULNWATCH Type: UNKNOWN 20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow [AD20020612] Source: MITRE Type: CNA CVE-2002-0364 Source: BUGTRAQ Type: UNKNOWN 20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow [AD20020612] Source: NTBUGTRAQ Type: UNKNOWN 20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow Source: BUGTRAQ Type: UNKNOWN 20020613 VNA - .HTR HEAP OVERFLOW Source: CCN Type: CIAC Information Bulletin M-089 MS Heap Overrun in HTR Chunked Encoding Vulnerability Source: CCN Type: eEye Digital Security Advisory AD20020612 Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow Source: XF Type: UNKNOWN iis-htr-chunked-encoding-bo(9327) Source: CCN Type: Internet Security Systems Security Alert #120 Heap Overflow in IIS HTR Chunked Encoding Source: CCN Type: US-CERT VU#313819 Microsoft Internet Information Server (IIS) contains remote buffer overflow in chunked encoding data transfer mechanism for HTR Source: CERT-VN Type: US Government Resource VU#313819 Source: CCN Type: Microsoft Security Bulletin MS02-028 Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise (Q321599) Source: CCN Type: Microsoft Security Bulletin MS02-062 Cumulative Patch for Internet Information Service (Q327696) Source: CCN Type: Microsoft Security Bulletin MS03-018 Cumulative Patch for Internet Information Service (811114) Source: CCN Type: OSVDB ID: 5316 Microsoft IIS ISAPI HTR Chunked Encoding Overflow Source: BID Type: UNKNOWN 4855 Source: CCN Type: BID-4855 Microsoft IIS HTR Chunked Encoding Transfer Heap Overflow Vulnerability Source: MS Type: UNKNOWN MS02-028 Source: XF Type: UNKNOWN iis-htr-chunked-encoding-bo(9327) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:182 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:29 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||