CVE-2002-1745
First published: Tue Dec 31 2002(Updated: )
Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Internet Information Services (IIS) | =5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2002-1745?
CVE-2002-1745 is considered to have a moderate severity level due to potential information disclosure risks.
How do I fix CVE-2002-1745?
To mitigate CVE-2002-1745, it is recommended to upgrade from Microsoft IIS 5.0 to a newer version that does not contain this vulnerability.
What types of files are affected by CVE-2002-1745?
CVE-2002-1745 affects files with extensions such as .html, .htm, .asp, and .inc, particularly with an additional character in their names.
Who exploits CVE-2002-1745?
CVE-2002-1745 can be exploited by remote attackers looking to view the source code of sensitive files hosted on vulnerable IIS servers.
Is CVE-2002-1745 still a concern today?
While CVE-2002-1745 primarily affects older systems, it remains a concern for organizations still using Microsoft IIS 5.0.
- agent/softwarecombine
- agent/first-publish-date
- agent/type
- agent/severity
- agent/weakness
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- agent/author
- vendor/microsoft
- canonical/microsoft internet information services (iis)
- version/microsoft internet information services (iis)/5.0