CVE - CVE-2002-1180

CVE-ID
CVE-2002-1180	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:6068 URL:http://www.securityfocus.com/bid/6068 BID:6071 URL:http://www.securityfocus.com/bid/6071 CIAC:N-011 URL:http://www.ciac.org/ciac/bulletins/n-011.shtml MS:MS02-062 URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062 OVAL:oval:org.mitre.oval:def:931 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A931 XF:iis-script-source-access-bypass(10504) URL:~~http://www.iss.net/security_center/static/10504.php~~ (Obsolete source - check if archived by the Wayback Machine)
Date Record Created
20040901	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)