CVE-2002-1180

high

Description

A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A931

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062

http://www.securityfocus.com/bid/6071

http://www.securityfocus.com/bid/6068

http://www.iss.net/security_center/static/10504.php

http://www.ciac.org/ciac/bulletins/n-011.shtml

Details

Source: Mitre, NVD

Published: 2002-11-12

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High