Lucene search

[email protected]CVE-2003-0224

HistoryJun 09, 2003 - 4:00 a.m.

CVE-2003-0224

2003-06-0904:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2003-0224

buffer overflow

ssinc.dll

microsoft

iis 5.0

ssi

web security

7.5 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

73.8%

JSON

Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka “Server Side Include Web Pages Buffer Overrun.”

CPENameOperatorVersion
microsoft:internet_information_servicesmicrosoft internet information serviceseq5.0

CPE	Name	Operator	Version
microsoft:internet_information_services	microsoft internet information services	eq	5.0

References

marc.info/?l=ntbugtraq&m=105431767100944&w=2

docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A483

7.5 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

73.8%

JSON

Related for CVE-2003-0224

securityvulns1 openvas1 nessus1