Описание
The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer.
The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2002-0072
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
- http://marc.info/?l=bugtraq&m=101853851025208&w=2
- http://www.cert.org/advisories/CA-2002-09.html
- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
- http://www.iss.net/security_center/static/8800.php
- http://www.kb.cert.org/vuls/id/521059
- http://www.osvdb.org/3326
- http://www.securityfocus.com/bid/4479
EPSS
CVE ID
Связанные уязвимости
The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer.
EPSS