Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:375859
HistoryJul 09, 2002 - 12:00 a.m.

Microsoft ASP.NET contains buffer overflow

2002-07-0900:00:00
www.kb.cert.org
19

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.052

Percentile

93.1%

JSON

Overview

Microsoft ASP.NET contains buffer overflow in routine that handles the processing of cookies in StateServer mode.

Description

ASP.NET is a programming framework provided by Microsoft. For more details about this framework, please see the official web page.

A remotely exploitable buffer overflow exists in one of the routines used to process cookies in StateServer mode. For more details, please see Microsoft Security Bulletin MS02-026.

Impact

Microsoft states the impact as follows: “An attacker who was able to successfully exploit this vulnerability could cause the application running on the web server to restart. In addition, while Microsoft has not been able to demonstrate it, there is the possibility that an attacker could exploit this vulnerability to cause code to run on the web server. The code could run in the security context of the ASP.NET worker process, which uses an unprivileged account by default”.

Solution

Apply the patch.

Vendor Information

375859

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Microsoft Corporation __ Affected

Updated: July 09, 2002

Status

Affected

Vendor Statement

Please see <http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-026.asp&gt;.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23375859 Feedback>).

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

The CERT/CC thanks Microsoft for the information contained in their security bulletin.

This document was written by Ian A Finlay.

Other Information

CVE IDs: CVE-2002-0369
Severity Metric: 28.35 Date Public:

Related

nvd 1
cve 1
nessus 1
cvelist 1
nvd
nvd
CVE-2002-0369
2002-07-26 04:00:00
cve
cve
CVE-2002-0369
2003-04-02 05:00:00
nessus
nessus
MS02-026: ASP.NET Worker Process StateServer Mode Remote Overflow (322289)
2003-03-02 00:00:00
cvelist
cvelist
CVE-2002-0369
2003-04-02 05:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.052

Percentile

93.1%

JSON
Related for VU:375859
nvd1cve1nessus1cvelist1