VAR-200204-0019
Vulnerability from variot - Updated: 2025-04-03 22:36Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values. A buffer overflow in IIS could allow an intruder to execute arbitrary code the the privileges of the ASP ISAPI extension. A buffer overflow related to the processing of request header fields has been reported for Microsoft IIS (Internet Information Services). This problem is related to the interpretation of HTTP header field delimiters. This vulnerability affects IIS 4.0, IIS 5.0 and IIS 5.1. Exploitation of this vulnerability may result in a denial of service or allow for a remote attacker to execute arbitrary instructions on the victim host. A number of Cisco products are affected by this vulnerability, although this issue is not present in the Cisco products themselves
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200204-0019",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "internet information server",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "internet information services",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "5.1"
},
{
"model": "iis",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "internet information server",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "internet information server",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "5.1"
},
{
"model": "unity server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.4"
},
{
"model": "unity server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.3"
},
{
"model": "unity server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2"
},
{
"model": "unity server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.1"
},
{
"model": "unity server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "building broadband service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1"
},
{
"model": "building broadband service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "building broadband service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5"
},
{
"model": "building broadband service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.4"
},
{
"model": "building broadband service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.3"
},
{
"model": "building broadband service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"model": "building broadband service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.1"
}
],
"sources": [
{
"db": "BID",
"id": "4476"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000086"
},
{
"db": "CNNVD",
"id": "CNNVD-200204-018"
},
{
"db": "NVD",
"id": "CVE-2002-0150"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:iis",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000086"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Serge Mister",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200204-018"
}
],
"trust": 0.6
},
"cve": "CVE-2002-0150",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2002-0150",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-0150",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#454091",
"trust": 0.8,
"value": "51.30"
},
{
"author": "NVD",
"id": "CVE-2002-0150",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200204-018",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#454091"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000086"
},
{
"db": "CNNVD",
"id": "CNNVD-200204-018"
},
{
"db": "NVD",
"id": "CVE-2002-0150"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values. A buffer overflow in IIS could allow an intruder to execute arbitrary code the the privileges of the ASP ISAPI extension. A buffer overflow related to the processing of request header fields has been reported for Microsoft IIS (Internet Information Services). \nThis problem is related to the interpretation of HTTP header field delimiters. This vulnerability affects IIS 4.0, IIS 5.0 and IIS 5.1. \nExploitation of this vulnerability may result in a denial of service or allow for a remote attacker to execute arbitrary instructions on the victim host. \nA number of Cisco products are affected by this vulnerability, although this issue is not present in the Cisco products themselves",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0150"
},
{
"db": "CERT/CC",
"id": "VU#454091"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000086"
},
{
"db": "BID",
"id": "4476"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#454091",
"trust": 3.5
},
{
"db": "BID",
"id": "4476",
"trust": 2.7
},
{
"db": "NVD",
"id": "CVE-2002-0150",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "3316",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000086",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200204-018",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#454091"
},
{
"db": "BID",
"id": "4476"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000086"
},
{
"db": "CNNVD",
"id": "CNNVD-200204-018"
},
{
"db": "NVD",
"id": "CVE-2002-0150"
}
]
},
"id": "VAR-200204-0019",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2025-04-03T22:36:24.194000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MS02-018",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/MS02-018.asp"
},
{
"title": "MS02-018",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/Bulletin/MS02-018.mspx"
},
{
"title": "Microsoft IIS HTTP Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134902"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000086"
},
{
"db": "CNNVD",
"id": "CNNVD-200204-018"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0150"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.kb.cert.org/vuls/id/454091"
},
{
"trust": 2.4,
"url": "http://www.cert.org/advisories/ca-2002-09.html"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/4476"
},
{
"trust": 1.6,
"url": "http://www.iss.net/security_center/static/8797.php"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/3316"
},
{
"trust": 1.6,
"url": "http://www.cisco.com/warp/public/707/microsoft-iis-vulnerabilities-ms02-018.shtml"
},
{
"trust": 1.6,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018"
},
{
"trust": 1.6,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a137"
},
{
"trust": 1.6,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a39"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms02-018.asp"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/tools/locktool.asp"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/urlscan.asp"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0150"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr021401.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnca-2002-09"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-0150"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-018.asp"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/default.aspx?scid=kb;en-us;q317636"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/security/advisory/default.mspx"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#454091"
},
{
"db": "BID",
"id": "4476"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000086"
},
{
"db": "CNNVD",
"id": "CNNVD-200204-018"
},
{
"db": "NVD",
"id": "CVE-2002-0150"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#454091"
},
{
"db": "BID",
"id": "4476"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000086"
},
{
"db": "CNNVD",
"id": "CNNVD-200204-018"
},
{
"db": "NVD",
"id": "CVE-2002-0150"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-04-10T00:00:00",
"db": "CERT/CC",
"id": "VU#454091"
},
{
"date": "2002-04-10T00:00:00",
"db": "BID",
"id": "4476"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000086"
},
{
"date": "2002-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200204-018"
},
{
"date": "2002-04-22T04:00:00",
"db": "NVD",
"id": "CVE-2002-0150"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-04-10T00:00:00",
"db": "CERT/CC",
"id": "VU#454091"
},
{
"date": "2002-04-10T00:00:00",
"db": "BID",
"id": "4476"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000086"
},
{
"date": "2020-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200204-018"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2002-0150"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200204-018"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Internet Information Server (IIS) vulnerable to buffer overflow via inaccurate checking of delimiters in HTTP header fields",
"sources": [
{
"db": "CERT/CC",
"id": "VU#454091"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200204-018"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…