CVE-2002-0072

CVE Database · CVE-2002-0072

CVE-2002-0072

· N/AModified

CVSS v3.1

N/A

EPSS

56.63%

Published

Apr 22, 2002

Modified

Apr 15, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer.

Affected Products (2)

microsoft · internet_information_servervulnerable

microsoft · internet_information_servicesvulnerable

References (16)

http://marc.info/?l=bugtraq&m=101853851025208&w=2

http://www.cert.org/advisories/CA-2002-09.html

US Government Resource

http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml

http://www.iss.net/security_center/static/8800.php

http://www.kb.cert.org/vuls/id/521059

US Government Resource

http://www.osvdb.org/3326

http://www.securityfocus.com/bid/4479

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018

http://marc.info/?l=bugtraq&m=101853851025208&w=2

http://www.cert.org/advisories/CA-2002-09.html

KEV Catalog EPSS Scores Vendors All CVEs