• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers to execute arbitrary commands via a long string to the "LANGUAGE" argument in a script tag.
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Assigning CNA
Date Entry Created
20001214 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20010116-01)
Votes (Legacy)
ACCEPT(2) Baker, Wall
MODIFY(1) Frech
NOOP(1) Cole
RECAST(1) LeBlanc
REVIEWING(1) Christey
Comments (Legacy)
 Frech> XF:iis-isapi-asp-bo(5510)
 Christey> Consult Microsoft on this one.
 LeBlanc> This one was already fixed in several hotfixes when it was
   found. I'm not sure what the content decision is on this. It is a valid
   problem, but it was already fixed when announced. I will go along with
   an accept vote once it is modified to show fixes.

Proposed (Legacy)
This is an entry on the CVE list, which standardizes names for security problems.