CVE-2002-0364

Published: Jul 3, 2002Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."

Affected (2)

Products: Microsoft: Internet Information Server, Internet Information Services

Microsoft

2 products

Internet Information Server

Internet Information Services

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Information Server	Version 4.0
Microsoft Internet Information Services	Version 5.0

References (20)

http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0099.html

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=102392069305962&w=2

Source: cve@mitre.org

http://marc.info/?l=ntbugtraq&m=102392308608100&w=2

Source: cve@mitre.org

http://online.securityfocus.com/archive/1/276767

Source: cve@mitre.org

http://www.iss.net/security_center/static/9327.php

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/313819

Source: cve@mitre.org

US Government Resource

http://www.securityfocus.com/bid/4855

Source: cve@mitre.org

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-028

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A182

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A29

Source: cve@mitre.org

http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0099.html