PT-2002-1163 · Microsoft · Internet Information Server

Published

2002-04-22

Updated

2020-11-23

CVE-2002-0074

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Internet Information Server (IIS) versions 4.0 through 5.1

Description A cross-site scripting issue in the Help File search facility allows remote attackers to embed scripts into another user's session.

Recommendations For IIS versions 4.0 through 5.1, consider disabling the Help File search facility as a temporary workaround until a patch is available. Restrict access to the search facility to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-0074

Affected Products

Internet Information Server

PT-2002-1163 · Microsoft · Internet Information Server

CVE-2002-0074

Related Identifiers

Affected Products

References · 12