CVE-2002-1180

A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.ciac.org/ciac/bulletins/n-011.shtml
http://www.iss.net/security_center/static/10504.php	Patch Vendor Advisory
http://www.securityfocus.com/bid/6068
http://www.securityfocus.com/bid/6071
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A931

Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2002-11-12 05:00

Updated : 2024-02-04 16:31

NVD link : CVE-2002-1180

Mitre link : CVE-2002-1180

CVE.ORG link : CVE-2002-1180

JSON object : View

Products Affected

microsoft

internet_information_services

CWE

NVD-CWE-Other

{"id": "CVE-2002-1180", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2002-11-12T05:00:00.000", "references": [{"url": "http://www.ciac.org/ciac/bulletins/n-011.shtml", "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/10504.php", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/6068", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/6071", "source": "cve@mitre.org"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A931", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka \"Script Source Access Vulnerability.\""}, {"lang": "es", "value": "Un error tipogr\u00e1fico en los permisos de acceso a fuentes de scripts en Internet Information Server (IIS) 5.0 no excluye adecuadamente ficheros .COM, lo que permite a atacantes con s\u00f3lo permisos de escritura cargar ficheros .COM, tambi\u00e9n conocida como \"Vulnerabilidad de Acceso a Fuente de Scripts\""}], "lastModified": "2018-10-30T16:25:10.357", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "413C07EA-139F-4B7D-A58B-835BD2591FA0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}