CVE-2002-0075

Name of the Vulnerable Software and Affected Versions Internet Information Server (IIS) versions 4.0 through 5.1

Description A cross-site scripting issue allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect ("302 Object Moved") message.

Recommendations For IIS versions 4.0 through 5.1, consider disabling the URL redirect feature that generates the "302 Object Moved" message until a patch is available. Restrict access to error messages that could be used to inject malicious scripts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.