CVE-2002-1180

A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."

Published: Nov 12, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-1180
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / internet_information_services	5.0	5.0.x

http://www.ciac.org/ciac/bulletins/n-011.shtml
http://www.iss.net/security_center/static/10504.php
http://www.securityfocus.com/bid/6068
http://www.securityfocus.com/bid/6071
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A931

Vulnerability Database

289,697

CVE-2002-1180