Vulnerability Name:

CVE-2002-1745 (CCN-8853)

Assigned:2002-04-17
Published:2002-04-17
Updated:2018-10-30
Summary:Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: CCN
Type: BugTraq Mailing List, Tue Apr 16 2002 - 22:01:19 CDT
Microsoft IIS 5.0 CodeBrws.asp Source Disclosure

Source: CCN
Type: BugTraq Mailing List, Wed Apr 17 2002 - 13:08:14 CDT
Re: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure

Source: MITRE
Type: CNA
CVE-2002-1744

Source: MITRE
Type: CNA
CVE-2002-1745

Source: BUGTRAQ
Type: UNKNOWN
20020418 Re: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure

Source: CCN
Type: OSVDB ID: 59561
Microsoft IIS CodeBrws.asp Encoded Traversal Arbitrary File Source Disclosure

Source: CCN
Type: OSVDB ID: 59621
Microsoft IIS CodeBrws.asp Off-By-One File Check Bypass Source Disclosure

Source: CCN
Type: BID-4525
Microsoft IIS CodeBrws.ASP Source Code Disclosure Vulnerability

Source: BID
Type: UNKNOWN
4543

Source: CCN
Type: BID-4543
Microsoft IIS CodeBrws.ASP File Extension Check Out By One Vulnerability

Source: XF
Type: UNKNOWN
iis-codebrws-view-source(8853)

Source: XF
Type: UNKNOWN
iis-codebrws-view-source(8853)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:internet_information_server:5.0:*:*:*:far_east:*:*:*

    • * Denotes that component is vulnerable
    BACK
    microsoft internet information services 5.0
    microsoft internet information server 5.0