ID

VAR-200204-0019


CVE

CVE-2002-0150


TITLE

Microsoft Internet Information Server (IIS) vulnerable to buffer overflow via inaccurate checking of delimiters in HTTP header fields

Trust: 0.8

sources: CERT/CC: VU#454091

DESCRIPTION

Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values. A buffer overflow in IIS could allow an intruder to execute arbitrary code with the privileges of the ASP ISAPI extension. A buffer overflow related to the processing of request header fields has been reported for Microsoft IIS (Internet Information Services). This problem is related to the interpretation of HTTP header field delimiters. This vulnerability affects IIS 4.0, IIS 5.0 and IIS 5.1. Exploitation of this vulnerability may result in a denial of service or allow a remote attacker to execute arbitrary instructions on the victim host. A number of Cisco products are affected by this vulnerability, although this issue is not present in the Cisco products themselves.

Trust: 2.61

sources: NVD: CVE-2002-0150 // CERT/CC: VU#454091 // JVNDB: JVNDB-2002-000086 // BID: 4476

AFFECTED PRODUCTS

vendor:microsoft // model:internet information server // scope:eq // version:4.0

Trust: 1.6

vendor:microsoft // model:internet information services // scope:eq // version:5.0

Trust: 1.6

vendor:microsoft // model:iis // scope:eq // version:5.1

Trust: 1.1

vendor:microsoft // model:iis // scope:eq // version:5.0

Trust: 1.1

vendor:microsoft // model:iis // scope:eq // version:4.0

Trust: 1.1

vendor:microsoft // model:internet information server // scope:eq // version:5.0

Trust: 0.6

vendor:microsoft // model:internet information server // scope:eq // version:5.1

Trust: 0.6

vendor:cisco // model:unity server // scope:eq // version:2.4

Trust: 0.3

vendor:cisco // model:unity server // scope:eq // version:2.3

Trust: 0.3

vendor:cisco // model:unity server // scope:eq // version:2.2

Trust: 0.3

vendor:cisco // model:unity server // scope:eq // version:2.1

Trust: 0.3

vendor:cisco // model:unity server // scope:eq // version:2.0

Trust: 0.3

vendor:cisco // model:call manager // scope:eq // version:3.2

Trust: 0.3

vendor:cisco // model:call manager // scope:eq // version:3.1

Trust: 0.3

vendor:cisco // model:call manager // scope:eq // version:3.0

Trust: 0.3

vendor:cisco // model:building broadband service manager // scope:eq // version:5.1

Trust: 0.3

vendor:cisco // model:building broadband service manager // scope:eq // version:5.0

Trust: 0.3

vendor:cisco // model:building broadband service manager // scope:eq // version:4.5

Trust: 0.3

vendor:cisco // model:building broadband service manager // scope:eq // version:4.4

Trust: 0.3

vendor:cisco // model:building broadband service manager // scope:eq // version:4.3

Trust: 0.3

vendor:cisco // model:building broadband service manager // scope:eq // version:4.2

Trust: 0.3

vendor:cisco // model:building broadband service manager // scope:eq // version:4.0.1

Trust: 0.3

sources: BID: 4476 // JVNDB: JVNDB-2002-000086 // CNNVD: CNNVD-200204-018 // NVD: CVE-2002-0150

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-0150
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#454091
value: 51.30

Trust: 0.8

NVD: CVE-2002-0150
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200204-018
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2002-0150
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: CERT/CC: VU#454091 // JVNDB: JVNDB-2002-000086 // CNNVD: CNNVD-200204-018 // NVD: CVE-2002-0150

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0150

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200204-018

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200204-018

CONFIGURATIONS

sources: JVNDB: JVNDB-2002-000086

PATCH

title:MS02-018 // url:http://www.microsoft.com/technet/security/bulletin/MS02-018.asp

Trust: 0.8

title:MS02-018 // url:http://www.microsoft.com/japan/technet/security/Bulletin/MS02-018.mspx

Trust: 0.8

title:Microsoft IIS HTTP Buffer error vulnerability fix // url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134902

Trust: 0.6

sources: JVNDB: JVNDB-2002-000086 // CNNVD: CNNVD-200204-018

EXTERNAL IDS

db:CERT/CC // id:VU#454091

Trust: 3.5

db:BID // id:4476

Trust: 2.7

db:NVD // id:CVE-2002-0150

Trust: 2.4

db:OSVDB // id:3316

Trust: 1.6

db:JVNDB // id:JVNDB-2002-000086

Trust: 0.8

db:CNNVD // id:CNNVD-200204-018

Trust: 0.6

sources: CERT/CC: VU#454091 // BID: 4476 // JVNDB: JVNDB-2002-000086 // CNNVD: CNNVD-200204-018 // NVD: CVE-2002-0150

REFERENCES

url:http://www.kb.cert.org/vuls/id/454091

Trust: 2.7

url:http://www.cert.org/advisories/ca-2002-09.html

Trust: 2.4

url:http://www.securityfocus.com/bid/4476

Trust: 2.4

url:http://www.iss.net/security_center/static/8797.php

Trust: 1.6

url:http://www.osvdb.org/3316

Trust: 1.6

url:http://www.cisco.com/warp/public/707/microsoft-iis-vulnerabilities-ms02-018.shtml

Trust: 1.6

url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018

Trust: 1.6

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a137

Trust: 1.6

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a39

Trust: 1.6

url:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp

Trust: 0.8

url:http://www.microsoft.com/technet/security/tools/locktool.asp

Trust: 0.8

url:http://www.microsoft.com/technet/security/urlscan.asp

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0150

Trust: 0.8

url:http://www.jpcert.or.jp/wr/2002/wr021401.txt

Trust: 0.8

url:http://jvn.jp/cert/jvnca-2002-09

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-0150

Trust: 0.8

url:http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-018.asp

Trust: 0.3

url:http://support.microsoft.com/default.aspx?scid=kb;en-us;q317636

Trust: 0.3

url:http://www.microsoft.com/technet/security/advisory/default.mspx

Trust: 0.3

sources: CERT/CC: VU#454091 // BID: 4476 // JVNDB: JVNDB-2002-000086 // CNNVD: CNNVD-200204-018 // NVD: CVE-2002-0150

CREDITS

Serge Mister

Trust: 0.6

sources: CNNVD: CNNVD-200204-018

SOURCES

db:CERT/CC // id:VU#454091
db:BID // id:4476
db:JVNDB // id:JVNDB-2002-000086
db:CNNVD // id:CNNVD-200204-018
db:NVD // id:CVE-2002-0150

LAST UPDATE DATE

2025-04-03T22:36:24.194000+00:00


SOURCES UPDATE DATE

db:CERT/CC // id:VU#454091 // date:2002-04-10T00:00:00
db:BID // id:4476 // date:2002-04-10T00:00:00
db:JVNDB // id:JVNDB-2002-000086 // date:2007-04-01T00:00:00
db:CNNVD // id:CNNVD-200204-018 // date:2020-11-25T00:00:00
db:NVD // id:CVE-2002-0150 // date:2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:CERT/CC // id:VU#454091 // date:2002-04-10T00:00:00
db:BID // id:4476 // date:2002-04-10T00:00:00
db:JVNDB // id:JVNDB-2002-000086 // date:2007-04-01T00:00:00
db:CNNVD // id:CNNVD-200204-018 // date:2002-04-22T00:00:00
db:NVD // id:CVE-2002-0150 // date:2002-04-22T04:00:00