Lucene search

K
cve[email protected]CVE-2002-0421
HistoryAug 12, 2002 - 4:00 a.m.

CVE-2002-0421

2002-08-1204:00:00
NVD-CWE-Other
web.nvd.nist.gov
35
iis 4.0
password policy bypass
local users
.htr files
cve-2002-0421.

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.973 High

EPSS

Percentile

99.9%

IIS 4.0 allows local users to bypass the β€œUser cannot change password” policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr.

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.973 High

EPSS

Percentile

99.9%

Related for CVE-2002-0421