CVE-2002-0072

CVE-2002-0072 describes a denial-of-service in Microsoft IIS 4.0/5.0/5.1 caused by the w3svc.dll FP2002/ISAPI filter when handling an overly long URL. The error handling rewrites a URL to a null value and then dereferences it, crashing Inetinfo.exe. Affected components: FP2002 Front Page Server E...

CVE-2002-0892

CVE-2002-0892 affects ServletExec 4.1 ISAPI. Affected component is the JSP servlet filter (com.newatlanta.servletexec.JSP10Servlet). The root cause is an information disclosure: requesting a non-existent .JSP file or invoking the JSPServlet without a filename causes the server to leak the web roo...

CVE-2002-0186

CVE-2002-0186 describes a buffer overflow in the Microsoft SQLXML ISAPI extension for SQL Server 2000. The flaw arises from inadequate validation of the contenttype parameter in SQLXML HTTP requests, allowing a remote attacker to trigger a crash or execute arbitrary code (the extension runs with ...

CVE-2002-0801

The CVE-2002-0801 issue affects Macromedia JRun 3.1 on Windows, where the ISAPI DLL filter for JRun is vulnerable to a buffer overflow via a long Host header in a request for a .jsp file. This allows a remote attacker to execute arbitrary code with SYSTEM privileges by sending a crafted request t...

CVE-2002-0071

CVE-2002-0071: Buffer overflow in the ism.dll ISAPI extension (HTR) of Microsoft IIS 4.0/5.0 allows DoS or arbitrary code execution via crafted HTR requests with long variable names. The vulnerability affects IIS 4.0, 5.0 (and 5.1 per advisories) and is addressed by Microsoft Security Bulletin MS...

CVE-2002-0071

Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server IIS 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names...

CVE-2002-1685

Cross-site scripting vulnerability XSS in BadBlue Enterprise Edition and Personal Edition 1.7 and 1.7.2 allows remote attackers to execute arbitrary script as other users by injecting script into ext.dll ISAPI...

CVE-2002-1310

Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows remote attackers to execute arbitrary via an HTTP GET request with a long .jsp file name...

CVE-2002-1309

Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm file name...

CVE-2002-1309

Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm file name...

CVE-2002-1310

Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows remote attackers to execute arbitrary via an HTTP GET request with a long .jsp file name...

CVE-2002-1310

The CVE-2002-1310 entry affects the IIS ISAPI handler for Macromedia JRun 4.0 and earlier, where a heap-based buffer overflow in the error-handling path can be triggered by an HTTP GET with a long .jsp filename. This leads to potential remote arbitrary-code execution. The vulnerability is tied to...

CVE-2002-1309

The vulnerability CVE-2002-1309 is a heap-based buffer overflow in the error-handling path of the IIS ISAPI handler for Macromedia ColdFusion 6.0. An unauthenticated remote attacker could trigger arbitrary code execution by sending an HTTP GET request with a long .cfm filename. The description an...

EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities

Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities Release Date: November 12, 2002 Severity: High Remote SYSTEM level code execution Systems Affected: Macromedia Coldfusion 6.0 and prior IIS ISAPI Macromedia JRun 4.0 and prior IIS ISAPI Description: Macromedia JRun and...

CVE-2002-0892

The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to determine the path of the web root via a direct request to com.newatlanta.servletexec.JSP10Servlet without a filename, which leaks the pathname in an error message...

CVE-2002-0894

Affected software: NewAtlanta ServletExec ISAPI 4.1. The issue: remote denial of service caused by sending an overly long request for a .jsp file or a long URL to com.newatlanta.servletexec.JSP10Servlet. Vulnerable component: the ServletExec/JRun ISAPI handling for JSP requests. Impact: the remot...

CVE-2002-0893

The CVE-2002-0893 entry maps to ServletExec 4.1 ISAPI vulnerability in the JSP10Servlet that enables directory traversal. Multiple connected sources describe that by issuing a URL-encoded "..%5c" (modified dot-dot) to com.newatlanta.servletexec.JSP10Servlet, an attacker can read arbitrary files w...

Re: MFC ISAPI Framework Buffer Overflow

In-Reply-To: [email protected] BadBlue and all vendors who wrote ISAPI extensions with MFC should recompile with Visual Studio 6.0 SP4 or later. There were serious problems with many ISAPI extensions built with earlier versions of the MFC libraries. 2 problems are documente...

Buffer overflow in MFC ISAPI

Buffer overflow on HTTP request parsing...

MFC ISAPI Framework Buffer Overflow

Systems Affected: All ISAs written using MFC ISAPI framework Issue: User-input length values can result in a buffer overflow. Risk: Critical Scope: Remote Server Compromise The MFC ISAPI framework is widely used to build ISAs that run on a multitude of web servers. It has been discovered that the...