CVE-2002-1745
Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files.
Published
2002-12-31T05:00:00.000
Last Modified
2025-04-03T01:03:51.193
Status
Deferred
Source
[email protected]
Severity
CVSSv3.1: 7.5 (HIGH)
CVSSv2 Vector
AV:N/AC:L/Au:N/C:P/I:N/A:N
- Access Vector: NETWORK
- Access Complexity: LOW
- Authentication: NONE
- Confidentiality Impact: PARTIAL
- Integrity Impact: NONE
- Availability Impact: NONE
Exploitability Score
10.0
Impact Score
2.9
Weaknesses
Affected Vendors & Products
References
-
http://online.securityfocus.com/archive/1/268303
Broken Link, Third Party Advisory, VDB Entry
([email protected])
-
http://www.securityfocus.com/bid/4543
Broken Link, Third Party Advisory, VDB Entry
([email protected])
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/8853
Third Party Advisory, VDB Entry
([email protected])
-
http://online.securityfocus.com/archive/1/268303
Broken Link, Third Party Advisory, VDB Entry
(af854a3a-2127-422b-91ae-364da2661108)
-
http://www.securityfocus.com/bid/4543
Broken Link, Third Party Advisory, VDB Entry
(af854a3a-2127-422b-91ae-364da2661108)
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/8853
Third Party Advisory, VDB Entry
(af854a3a-2127-422b-91ae-364da2661108)