Details of VAR-200204-0017

ID

VAR-200204-0017

CVE

CVE-2002-0148

TITLE

Microsoft Internet Information Server (IIS) contains cross-site scripting vulnerability in IIS Help Files search facility

Trust: 0.8

sources: CERT/CC: VU#883091

DESCRIPTION

Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page. Visitors to web sites that use Microsoft IIS and also issue redirect response messages are vulnerable to cross-site scripting attacks. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ Microsoft IIS 4.0/5.0/5.1 Has the potential to cause problems that can lead to cross-site scripting. below 3 There are two problems. * IIS The search results page of the help file does not properly convert the metacharacters contained in the request sent by the client. * "404 not found" As part of the error page, the metacharacters included in the request from the client are sent to the client without conversion. * Internet Explorer If you are using a browser other than "302 Object Moved" As part of the error page, the metacharacters contained in the request from the client are sent to the client without conversion. A Cross Site Scripting issue exists in some versions of IIS. The HTTP Error Page created by IIS may, under some circumstances, contain HTML content which includes unsanitized user supplied input. An attacker may construct a link to a vulnerable server such that it exploits this vulnerability. When an innocent user follows this link, the script code will be reproduced by the server, and execute within the context of the vulnerable site. This may result in the exposure of sensitive data and cookie information, or allow the attacker to subvert the content and functionality of the site. It has been reported that this issue may be exploited to steal cookie-based authentication credentials from users of a number of Microsoft domains/services (such as hotmail, passport, etc.). A number of Cisco products are affected by this vulnerability, although this issue is not present in the Cisco products themselves

Trust: 4.59

sources: NVD: CVE-2002-0148 // CERT/CC: VU#883091 // CERT/CC: VU#886699 // CERT/CC: VU#520707 // JVNDB: JVNDB-2002-000084 // BID: 4483 // BID: 4487 // BID: 4486

AFFECTED PRODUCTS

vendor:	microsoft	model:	-	scope:	-	version:	-	Trust: 2.4
vendor:	microsoft	model:	iis	scope:	eq	version:	5.1	Trust: 1.7
vendor:	microsoft	model:	iis	scope:	eq	version:	5.0	Trust: 1.7
vendor:	microsoft	model:	internet information server	scope:	eq	version:	4.0	Trust: 1.6
vendor:	microsoft	model:	internet information services	scope:	eq	version:	5.0	Trust: 1.6
vendor:	microsoft	model:	iis	scope:	eq	version:	4.0	Trust: 1.4
vendor:	cisco	model:	unity server	scope:	eq	version:	2.4	Trust: 0.9
vendor:	cisco	model:	unity server	scope:	eq	version:	2.3	Trust: 0.9
vendor:	cisco	model:	unity server	scope:	eq	version:	2.2	Trust: 0.9
vendor:	cisco	model:	unity server	scope:	eq	version:	2.1	Trust: 0.9
vendor:	cisco	model:	unity server	scope:	eq	version:	2.0	Trust: 0.9
vendor:	cisco	model:	call manager	scope:	eq	version:	3.2	Trust: 0.9
vendor:	cisco	model:	call manager	scope:	eq	version:	3.1	Trust: 0.9
vendor:	cisco	model:	call manager	scope:	eq	version:	3.0	Trust: 0.9
vendor:	cisco	model:	building broadband service manager	scope:	eq	version:	5.1	Trust: 0.9
vendor:	cisco	model:	building broadband service manager	scope:	eq	version:	5.0	Trust: 0.9
vendor:	cisco	model:	building broadband service manager	scope:	eq	version:	4.5	Trust: 0.9
vendor:	cisco	model:	building broadband service manager	scope:	eq	version:	4.4	Trust: 0.9
vendor:	cisco	model:	building broadband service manager	scope:	eq	version:	4.3	Trust: 0.9
vendor:	cisco	model:	building broadband service manager	scope:	eq	version:	4.2	Trust: 0.9
vendor:	cisco	model:	building broadband service manager	scope:	eq	version:	4.0.1	Trust: 0.9
vendor:	microsoft	model:	internet information server	scope:	eq	version:	5.0	Trust: 0.6
vendor:	microsoft	model:	internet information server	scope:	eq	version:	5.1	Trust: 0.6

sources: CERT/CC: VU#883091 // CERT/CC: VU#886699 // CERT/CC: VU#520707 // BID: 4483 // BID: 4487 // BID: 4486 // JVNDB: JVNDB-2002-000084 // CNNVD: CNNVD-200204-015 // NVD: CVE-2002-0148

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-0148
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#883091
value:	15.95
Trust: 0.8
CARNEGIE MELLON:	VU#886699
value:	15.95
Trust: 0.8
CARNEGIE MELLON:	VU#520707
value:	15.95
Trust: 0.8
NVD:	CVE-2002-0148
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200204-015
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2002-0148
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: CERT/CC: VU#883091 // CERT/CC: VU#886699 // CERT/CC: VU#520707 // JVNDB: JVNDB-2002-000084 // CNNVD: CNNVD-200204-015 // NVD: CVE-2002-0148

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0148

THREAT TYPE

network

Trust: 0.9

sources: BID: 4483 // BID: 4487 // BID: 4486

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 4483 // BID: 4487 // BID: 4486

CONFIGURATIONS

sources: JVNDB: JVNDB-2002-000084

PATCH

title:	MS02-018	url:	http://www.microsoft.com/technet/security/bulletin/MS02-018.asp	Trust: 0.8
title:	MS02-018	url:	http://www.microsoft.com/japan/technet/security/Bulletin/MS02-018.mspx	Trust: 0.8
title:	Internet Information Server Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134903	Trust: 0.6

sources: JVNDB: JVNDB-2002-000084 // CNNVD: CNNVD-200204-015

EXTERNAL IDS

db:	BID	id:	4486	Trust: 3.5
db:	CERT/CC	id:	VU#886699	Trust: 3.5
db:	NVD	id:	CVE-2002-0148	Trust: 2.4
db:	OSVDB	id:	3339	Trust: 1.6
db:	CERT/CC	id:	VU#883091	Trust: 1.1
db:	CERT/CC	id:	VU#520707	Trust: 1.1
db:	BID	id:	4483	Trust: 1.1
db:	BID	id:	4487	Trust: 1.1
db:	JVNDB	id:	JVNDB-2002-000084	Trust: 0.8
db:	CNNVD	id:	CNNVD-200204-015	Trust: 0.6

REFERENCES

url:	http://www.securityfocus.com/bid/4486	Trust: 4.2
url:	http://www.kb.cert.org/vuls/id/886699	Trust: 3.7
url:	http://www.cert.org/advisories/ca-2002-09.html	Trust: 3.4
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a81	Trust: 2.6
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a92	Trust: 2.6
url:	http://www.cisco.com/warp/public/707/microsoft-iis-vulnerabilities-ms02-018.shtml	Trust: 2.6
url:	http://www.osvdb.org/3339	Trust: 2.6
url:	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018	Trust: 2.6
url:	http://www.iss.net/security_center/static/8803.php	Trust: 2.6
url:	http://www.microsoft.com/technet/security/bulletin/ms02-018.asp	Trust: 1.6
url:	http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-018.asp	Trust: 0.9
url:	http://www.microsoft.com/technet/security/advisory/default.mspx	Trust: 0.9
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://www.cert.org/advisories/ca-2000-02.html	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0148	Trust: 0.8
url:	http://www.jpcert.or.jp/wr/2002/wr021401.txt	Trust: 0.8
url:	http://jvn.jp/cert/jvnca-2002-09	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-0148	Trust: 0.8
url:	http://www.securityfocus.com/bid/4487	Trust: 0.8
url:	http://www.securityfocus.com/bid/4483	Trust: 0.8
url:	http://support.microsoft.com/default.aspx?scid=kb;en-us;q317636	Trust: 0.6
url:	http://www.kb.cert.org/vuls/id/883091	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/520707	Trust: 0.3
url:	http://jscript.dk/adv/tl001/	Trust: 0.3

CREDITS

Thor Larholm※ Thor@jubii.dk

Trust: 0.6

sources: CNNVD: CNNVD-200204-015

SOURCES

db:	CERT/CC	id:	VU#883091
db:	CERT/CC	id:	VU#886699
db:	CERT/CC	id:	VU#520707
db:	BID	id:	4483
db:	BID	id:	4487
db:	BID	id:	4486
db:	JVNDB	id:	JVNDB-2002-000084
db:	CNNVD	id:	CNNVD-200204-015
db:	NVD	id:	CVE-2002-0148

LAST UPDATE DATE

2024-11-22T22:54:22.162000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#883091	date:	2002-04-10T00:00:00
db:	CERT/CC	id:	VU#886699	date:	2004-02-23T00:00:00
db:	CERT/CC	id:	VU#520707	date:	2002-04-10T00:00:00
db:	BID	id:	4483	date:	2002-04-10T00:00:00
db:	BID	id:	4487	date:	2002-04-10T00:00:00
db:	BID	id:	4486	date:	2002-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2002-000084	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200204-015	date:	2020-11-25T00:00:00
db:	NVD	id:	CVE-2002-0148	date:	2024-11-20T23:38:25.520

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#883091	date:	2002-04-10T00:00:00
db:	CERT/CC	id:	VU#886699	date:	2002-04-10T00:00:00
db:	CERT/CC	id:	VU#520707	date:	2002-04-10T00:00:00
db:	BID	id:	4483	date:	2002-04-10T00:00:00
db:	BID	id:	4487	date:	2002-04-10T00:00:00
db:	BID	id:	4486	date:	2002-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2002-000084	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200204-015	date:	2002-04-22T00:00:00
db:	NVD	id:	CVE-2002-0148	date:	2002-04-22T04:00:00