Description

The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer.

Remediation

References

CVE-2002-0072

Related Vulnerabilities

Squid Improper Input Validation Vulnerability (CVE-2009-2622)

WordPress 4.0.x Prototype Pollution (4.0 - 4.0.34)

Python Other Vulnerability (CVE-2015-5652)

Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-42029)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16781)

Severity

Medium

Classification

CVE-2002-0072

Tags

Missing Update Known Vulnerabilities