Sign-up

ID

VAR-200204-0009


CVE

CVE-2002-0073


TITLE

Microsoft Internet Information Server (IIS) vulnerable to DoS via malformed FTP connection status request

Trust: 0.8

sources: CERT/CC: VU#412203

DESCRIPTION

The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters. A vulnerability in IIS could allow an intruder to disrupt ordinary operations of both FTP and Web services on vulnerable IIS servers. The condition is present when a request is made for the FTP transfer status is made via the STAT command. A client issuing this command with a large number of file globbing characters as the argument may cause the service to crash. On IIS 4.0 servers, the service must be manually restarted. On IIS 5.0 and 5.1 servers, the service will restart itself automatically. A number of Cisco products are affected by this vulnerability, although this issue is not present in the Cisco products themselves

Trust: 2.61

sources: NVD: CVE-2002-0073 // CERT/CC: VU#412203 // JVNDB: JVNDB-2002-000079 // BID: 4482

AFFECTED PRODUCTS

vendor:microsoftmodel:internet information serverscope:eqversion:4.0

Trust: 1.6

vendor:microsoftmodel:internet information servicesscope:eqversion:5.0

Trust: 1.6

vendor:microsoftmodel:iisscope:eqversion:5.1

Trust: 1.1

vendor:microsoftmodel:iisscope:eqversion:5.0

Trust: 1.1

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 1.1

vendor:microsoftmodel: - scope: - version: -

Trust: 0.8

vendor:microsoftmodel:internet information serverscope:eqversion:5.0

Trust: 0.6

vendor:microsoftmodel:internet information serverscope:eqversion:5.1

Trust: 0.6

vendor:ciscomodel:unity serverscope:eqversion:2.4

Trust: 0.3

vendor:ciscomodel:unity serverscope:eqversion:2.3

Trust: 0.3

vendor:ciscomodel:unity serverscope:eqversion:2.2

Trust: 0.3

vendor:ciscomodel:unity serverscope:eqversion:2.1

Trust: 0.3

vendor:ciscomodel:unity serverscope:eqversion:2.0

Trust: 0.3

vendor:ciscomodel:call managerscope:eqversion:3.2

Trust: 0.3

vendor:ciscomodel:call managerscope:eqversion:3.1

Trust: 0.3

vendor:ciscomodel:call managerscope:eqversion:3.0

Trust: 0.3

vendor:ciscomodel:building broadband service managerscope:eqversion:5.1

Trust: 0.3

vendor:ciscomodel:building broadband service managerscope:eqversion:5.0

Trust: 0.3

vendor:ciscomodel:building broadband service managerscope:eqversion:4.5

Trust: 0.3

vendor:ciscomodel:building broadband service managerscope:eqversion:4.4

Trust: 0.3

vendor:ciscomodel:building broadband service managerscope:eqversion:4.3

Trust: 0.3

vendor:ciscomodel:building broadband service managerscope:eqversion:4.2

Trust: 0.3

vendor:ciscomodel:building broadband service managerscope:eqversion:4.0.1

Trust: 0.3

sources: CERT/CC: VU#412203 // BID: 4482 // JVNDB: JVNDB-2002-000079 // CNNVD: CNNVD-200204-017 // NVD: CVE-2002-0073

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-0073
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#412203
value: 24.48

Trust: 0.8

NVD: CVE-2002-0073
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200204-017
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2002-0073
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: CERT/CC: VU#412203 // JVNDB: JVNDB-2002-000079 // CNNVD: CNNVD-200204-017 // NVD: CVE-2002-0073

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0073

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200204-017

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200204-017

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2002-000079

PATCH
title:MS02-018url:http://www.microsoft.com/technet/security/bulletin/MS02-018.asp
Trust: 0.8
title:MS02-018url:http://www.microsoft.com/japan/technet/security/bulletin/MS02-018.mspx
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2002-000079

EXTERNAL IDS
db:CERT/CCid:VU#412203
Trust: 3.5
db:NVDid:CVE-2002-0073
Trust: 2.7
db:BIDid:4482
Trust: 2.7
db:OSVDBid:3328
Trust: 1.6
db:JVNDBid:JVNDB-2002-000079
Trust: 0.8
db:CNNVDid:CNNVD-200204-017
Trust: 0.6
sources:
            
            
            CERT/CC: VU#412203 // 
            
            
            
            BID: 4482 // 
            
            
            
            JVNDB: JVNDB-2002-000079 // 
            
            
            
            CNNVD: CNNVD-200204-017 // 
            
            
            
            NVD: CVE-2002-0073

REFERENCES
url:http://www.kb.cert.org/vuls/id/412203
Trust: 2.7
url:http://www.cert.org/advisories/ca-2002-09.html
Trust: 2.4
url:http://www.securityfocus.com/bid/4482
Trust: 2.4
url:http://www.iss.net/security_center/static/8801.php
Trust: 1.6
url:http://www.osvdb.org/3328
Trust: 1.6
url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
Trust: 1.6
url:http://www.digitaloffense.net/msftpd/advisory.txt
Trust: 1.6
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a24
Trust: 1.6
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a35
Trust: 1.6
url:http://www.cisco.com/warp/public/707/microsoft-iis-vulnerabilities-ms02-018.shtml
Trust: 1.6
url:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0023.html
Trust: 1.6
url:http://marc.info/?l=bugtraq&m=101901273810598&w=2
Trust: 1.6
url:about vulnerability notes
Trust: 0.8
url:contact us about this vulnerability
Trust: 0.8
url:provide a vendor statement
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0073
Trust: 0.8
url:http://www.jpcert.or.jp/wr/2002/wr021401.txt
Trust: 0.8
url:http://jvn.jp/cert/jvnca-2002-09
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-0073
Trust: 0.8
url:http://support.coresecurity.com/impact/exploits/97380de248eedb2084c8138ea4a2f3d1.html
Trust: 0.3
url:http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-018.asp
Trust: 0.3
url:http://support.microsoft.com/default.aspx?scid=kb;en-us;q317636
Trust: 0.3
sources:
            
            
            CERT/CC: VU#412203 // 
            
            
            
            BID: 4482 // 
            
            
            
            JVNDB: JVNDB-2002-000079 // 
            
            
            
            CNNVD: CNNVD-200204-017 // 
            
            
            
            NVD: CVE-2002-0073

CREDITS
H D Moore※ hdm@metasploit.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200204-017

SOURCES
db:CERT/CCid:VU#412203
db:BIDid:4482
db:JVNDBid:JVNDB-2002-000079
db:CNNVDid:CNNVD-200204-017
db:NVDid:CVE-2002-0073

LAST UPDATE DATE
2025-04-03T22:25:21.463000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#412203date:2002-04-10T00:00:00
db:BIDid:4482date:2009-07-11T11:56:00
db:JVNDBid:JVNDB-2002-000079date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200204-017date:2021-08-16T00:00:00
db:NVDid:CVE-2002-0073date:2025-04-03T01:03:51.193

SOURCES RELEASE DATE
db:CERT/CCid:VU#412203date:2002-04-10T00:00:00
db:BIDid:4482date:2002-04-10T00:00:00
db:JVNDBid:JVNDB-2002-000079date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200204-017date:2002-04-22T00:00:00
db:NVDid:CVE-2002-0073date:2002-04-22T04:00:00