National Cyber-Alert System
Vulnerability Summary: CVE-2002-0364
Orirignal release date: 2002-07-03
Source: US-CERT/NIST

Overview

    Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."

Impact

    CVSS Severity: 7 (High)
    Range: remote
    Authentication: input buffer="1"
    Impact Type: sec_prot other="1"

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    IIS (Microsoft)

Technical Details

CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0364