var-200211-0046
Vulnerability from variot
A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability.". ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. Attacks that take advantage of this problem are system administrators 1 Since it can be executed when write permission and execution permission are given to all users in one or more virtual directories, IIS 5.0 Is not affected.Please refer to the “Overview” for the impact of this vulnerability. A vulnerability has been reported for Microsoft IIS that may allow a remote attacker to upload a file onto the vulnerable server and possibly execute it. As a result an attacker may be able to upload malicious files to a vulnerable server and possibly execute it. This vulnerability only affects IIS 5.0. This vulnerability was originally described in BugTraq ID 6068. It is now being assigned its own BugTraq ID
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200211-0046",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "internet information services",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "internet information server",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "iis",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.1"
},
{
"model": "iis",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
}
],
"sources": [
{
"db": "BID",
"id": "6071"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000264"
},
{
"db": "CNNVD",
"id": "CNNVD-200211-023"
},
{
"db": "NVD",
"id": "CVE-2002-1180"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:iis",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000264"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This issue was originally described in a Microsoft Security Bulletin.",
"sources": [
{
"db": "BID",
"id": "6071"
}
],
"trust": 0.3
},
"cve": "CVE-2002-1180",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2002-1180",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-1180",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2002-1180",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200211-023",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000264"
},
{
"db": "CNNVD",
"id": "CNNVD-200211-023"
},
{
"db": "NVD",
"id": "CVE-2002-1180"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka \"Script Source Access Vulnerability.\". ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. Attacks that take advantage of this problem are system administrators 1 Since it can be executed when write permission and execution permission are given to all users in one or more virtual directories, IIS 5.0 Is not affected.Please refer to the \u201cOverview\u201d for the impact of this vulnerability. A vulnerability has been reported for Microsoft IIS that may allow a remote attacker to upload a file onto the vulnerable server and possibly execute it. As a result an attacker may be able to upload malicious files to a vulnerable server and possibly execute it. This vulnerability only affects IIS 5.0. \nThis vulnerability was originally described in BugTraq ID 6068. It is now being assigned its own BugTraq ID",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1180"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000264"
},
{
"db": "BID",
"id": "6071"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-1180",
"trust": 2.7
},
{
"db": "BID",
"id": "6071",
"trust": 2.7
},
{
"db": "BID",
"id": "6068",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000264",
"trust": 0.8
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:931",
"trust": 0.6
},
{
"db": "XF",
"id": "10504",
"trust": 0.6
},
{
"db": "CIAC",
"id": "N-011",
"trust": 0.6
},
{
"db": "MS",
"id": "MS02-062",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200211-023",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "6071"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000264"
},
{
"db": "CNNVD",
"id": "CNNVD-200211-023"
},
{
"db": "NVD",
"id": "CVE-2002-1180"
}
]
},
"id": "VAR-200211-0046",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-11-22T22:54:15.755000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MS02-062",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/MS02-062.mspx"
},
{
"title": "MS02-062",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/bulletin/MS02-062.mspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000264"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1180"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.securityfocus.com/bid/6071"
},
{
"trust": 3.4,
"url": "http://www.securityfocus.com/bid/6068"
},
{
"trust": 2.6,
"url": "http://www.iss.net/security_center/static/10504.php"
},
{
"trust": 2.6,
"url": "http://www.ciac.org/ciac/bulletins/n-011.shtml"
},
{
"trust": 2.0,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062"
},
{
"trust": 2.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a931"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-1180"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-1180"
},
{
"trust": 0.6,
"url": "http://www.microsoft.com/technet/security/bulletin/ms02-062.asp"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:931"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-062.asp"
}
],
"sources": [
{
"db": "BID",
"id": "6071"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000264"
},
{
"db": "CNNVD",
"id": "CNNVD-200211-023"
},
{
"db": "NVD",
"id": "CVE-2002-1180"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "6071"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000264"
},
{
"db": "CNNVD",
"id": "CNNVD-200211-023"
},
{
"db": "NVD",
"id": "CVE-2002-1180"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-10-31T00:00:00",
"db": "BID",
"id": "6071"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000264"
},
{
"date": "2002-05-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200211-023"
},
{
"date": "2002-11-12T05:00:00",
"db": "NVD",
"id": "CVE-2002-1180"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-07-11T18:06:00",
"db": "BID",
"id": "6071"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000264"
},
{
"date": "2005-10-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200211-023"
},
{
"date": "2024-11-20T23:40:45.770000",
"db": "NVD",
"id": "CVE-2002-1180"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200211-023"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft IIS Illegal due to improper access permissions to the script .COM File upload vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000264"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "6071"
},
{
"db": "CNNVD",
"id": "CNNVD-200211-023"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.