PT-2002-2440 · Microsoft · Internet Information Server+1

Published

2002-12-31

Updated

2020-12-09

CVE-2002-1718

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Microsoft Internet Information Server (IIS) version 5.1

Description The issue allows remote attackers to view the contents of a Frontpage Server Extension (FPSE) file. This can be achieved by sending an HTTP request for colegal.htm that contains .. (dot dot) sequences.

Recommendations For Microsoft Internet Information Server (IIS) version 5.1, consider restricting access to FPSE files until a patch is available. As a temporary workaround, avoid using the .. (dot dot) sequences in HTTP requests for colegal.htm. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2002-1718

Affected Products

Frontpage Server Extensions

Internet Information Server

PT-2002-2440 · Microsoft · Internet Information Server+1

CVE-2002-1718

Weakness Enumeration

Related Identifiers

Affected Products

References · 6