fkie_cve-2002-1180
Vulnerability from fkie_nvd
Published
2002-11-12 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."
References
cve@mitre.orghttp://www.ciac.org/ciac/bulletins/n-011.shtml
cve@mitre.orghttp://www.iss.net/security_center/static/10504.phpPatch, Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/6068
cve@mitre.orghttp://www.securityfocus.com/bid/6071
cve@mitre.orghttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A931
af854a3a-2127-422b-91ae-364da2661108http://www.ciac.org/ciac/bulletins/n-011.shtml
af854a3a-2127-422b-91ae-364da2661108http://www.iss.net/security_center/static/10504.phpPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/6068
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/6071
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A931
Impacted products
Vendor Product Version
microsoft internet_information_services 5.0


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "413C07EA-139F-4B7D-A58B-835BD2591FA0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka \"Script Source Access Vulnerability.\"",
      },
      {
         lang: "es",
         value: "Un error tipográfico en los permisos de acceso a fuentes de scripts en Internet Information Server (IIS) 5.0 no excluye adecuadamente ficheros .COM, lo que permite a atacantes con sólo permisos de escritura cargar ficheros .COM, también conocida como \"Vulnerabilidad de Acceso a Fuente de Scripts\"",
      },
   ],
   id: "CVE-2002-1180",
   lastModified: "2025-04-03T01:03:51.193",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2002-11-12T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://www.ciac.org/ciac/bulletins/n-011.shtml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.iss.net/security_center/static/10504.php",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/6068",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/6071",
      },
      {
         source: "cve@mitre.org",
         url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A931",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ciac.org/ciac/bulletins/n-011.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.iss.net/security_center/static/10504.php",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/6068",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/6071",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A931",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.