Lucene search

[email protected]CVE-2002-1790

HistoryOct 03, 2022 - 4:23 p.m.

CVE-2002-1790

2022-10-0316:23:46

[email protected]

web.nvd.nist.gov

smtp

microsoft

internet information services

iis

remote attackers

anti-relaying rules

spam

spoofed messages

cve-2002-1790

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.7 Medium

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

89.0%

JSON

The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682.

Affected configurations

NVD

Node

microsoftexchange_serverMatch5.5-

microsoftexchange_serverMatch5.5sp1

microsoftexchange_serverMatch5.5sp2

microsoftinternet_information_serverMatch4.0

microsoftinternet_information_servicesMatch5.0

CPENameOperatorVersion
microsoft:exchange_servermicrosoft exchange servereq5.5
microsoft:internet_information_servermicrosoft internet information servereq4.0
microsoft:internet_information_servicesmicrosoft internet information serviceseq5.0

CPE	Name	Operator	Version
microsoft:exchange_server	microsoft exchange server	eq	5.5
microsoft:internet_information_server	microsoft internet information server	eq	4.0
microsoft:internet_information_services	microsoft internet information services	eq	5.0

References

online.securityfocus.com/archive/1/281914

www.iss.net/security_center/static/9580.php

www.securityfocus.com/bid/5213

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.7 Medium

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

89.0%

JSON

Related for CVE-2002-1790

nvd2 cvelist2 cve1