CVE-2002-0364: Buffer Overflow
First published: Wed Jul 03 2002(Updated: )
Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Internet Information Services | =5.0 | |
| Microsoft Internet Information Server | =4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0099.html
- http://online.securityfocus.com/archive/1/276767
- http://www.kb.cert.org/vuls/id/313819
- http://www.securityfocus.com/bid/4855
- http://www.iss.net/security_center/static/9327.php
- http://marc.info/?l=ntbugtraq&m=102392308608100&w=2
- http://marc.info/?l=bugtraq&m=102392069305962&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A29
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A182
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-028
- collector/nvd-historical
- vendor/microsoft
- product/internet information services
- canonical/microsoft internet information services
- product/internet information server
- canonical/microsoft internet information server
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- version/microsoft internet information services/5.0
- version/microsoft internet information server/4.0