CVE-2001-1243

Опубликовано: 04 июл. 2001

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.

Ссылки

http://www.iss.net/security_center/static/6800.php
Vendor Advisory
http://www.securityfocus.com/archive/1/194919
http://www.securityfocus.com/bid/2973
Exploit
Patch
Vendor Advisory
http://www.iss.net/security_center/static/6800.php
Vendor Advisory
http://www.securityfocus.com/archive/1/194919
http://www.securityfocus.com/bid/2973
Exploit
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.08365

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-385r-ghm4-jjf9

github

больше 3 лет назад