Test ID:	1.3.6.1.4.1.25623.1.0.10936
Category:	Web Servers
Title:	Microsoft Internet Information Services (IIS) Multiple Vulnerabilities (MS02-018) - Active Check
Summary:	Microsoft Internet Information Services (IIS) is prone to; multiple vulnerabilities.
Description:	Summary: Microsoft Internet Information Services (IIS) is prone to multiple vulnerabilities. Vulnerability Insight: This IIS Server appears to vulnerable to one of the cross-site scripting (XSS) attacks described in MS02-018: The default '404' file returned by IIS uses scripting to output a link to top level domain part of the url requested. By crafting a particular URL it is possible to insert arbitrary script into the page for execution. Solution: The vendor has released an update. Please see the references for more information. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2002-0079 BugTraq ID: 4485 http://www.securityfocus.com/bid/4485 Bugtraq: 20020410 Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow (Google Search) http://marc.info/?l=bugtraq&m=101846993304518&w=2 http://www.cert.org/advisories/CA-2002-09.html CERT/CC vulnerability note: VU#610291 http://www.kb.cert.org/vuls/id/610291 Cisco Security Advisory: 20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018 http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml Microsoft Security Bulletin: MS02-018 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A25 http://www.iss.net/security_center/static/8795.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0147 BugTraq ID: 4490 http://www.securityfocus.com/bid/4490 CERT/CC vulnerability note: VU#669779 http://www.kb.cert.org/vuls/id/669779 http://www.osvdb.org/3301 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A22 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A72 http://www.iss.net/security_center/static/8796.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0150 BugTraq ID: 4476 http://www.securityfocus.com/bid/4476 CERT/CC vulnerability note: VU#454091 http://www.kb.cert.org/vuls/id/454091 http://www.osvdb.org/3316 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A137 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A39 http://www.iss.net/security_center/static/8797.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0149 BugTraq ID: 4478 http://www.securityfocus.com/bid/4478 CERT/CC vulnerability note: VU#721963 http://www.kb.cert.org/vuls/id/721963 http://www.osvdb.org/3320 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A132 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A95 http://www.iss.net/security_center/static/8798.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0071 @stake Security Advisory: A041002-1 http://www.atstake.com/research/advisories/2002/a041002-1.txt BugTraq ID: 4474 http://www.securityfocus.com/bid/4474 Bugtraq: 20020411 KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun (Google Search) http://marc.info/?l=bugtraq&m=101854087828265&w=2 CERT/CC vulnerability note: VU#363715 http://www.kb.cert.org/vuls/id/363715 http://www.osvdb.org/3325 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A130 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A45 http://www.iss.net/security_center/static/8799.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0072 BugTraq ID: 4479 http://www.securityfocus.com/bid/4479 Bugtraq: 20020411 KPMG-2002009: Microsoft IIS W3SVC Denial of Service (Google Search) http://marc.info/?l=bugtraq&m=101853851025208&w=2 CERT/CC vulnerability note: VU#521059 http://www.kb.cert.org/vuls/id/521059 http://www.osvdb.org/3326 http://www.iss.net/security_center/static/8800.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0073 BugTraq ID: 4482 http://www.securityfocus.com/bid/4482 Bugtraq: 20020417 Microsoft FTP Service STAT Globbing DoS (Google Search) http://marc.info/?l=bugtraq&m=101901273810598&w=2 CERT/CC vulnerability note: VU#412203 http://www.kb.cert.org/vuls/id/412203 http://www.digitaloffense.net/msftpd/advisory.txt http://www.osvdb.org/3328 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A24 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A35 http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0023.html http://www.iss.net/security_center/static/8801.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0074 BugTraq ID: 4483 http://www.securityfocus.com/bid/4483 Bugtraq: 20020410 Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues (Google Search) http://seclists.org/bugtraq/2002/Apr/0126.html CERT/CC vulnerability note: VU#883091 http://www.kb.cert.org/vuls/id/883091 http://www.cgisecurity.com/advisory/9.txt http://www.osvdb.org/3338 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A46 http://www.iss.net/security_center/static/8802.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0148 BugTraq ID: 4486 http://www.securityfocus.com/bid/4486 Bugtraq: 20020410 IIS allows universal CrossSiteScripting (Google Search) CERT/CC vulnerability note: VU#886699 http://www.kb.cert.org/vuls/id/886699 http://www.osvdb.org/3339 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A81 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A92 http://www.iss.net/security_center/static/8803.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0075 BugTraq ID: 4487 http://www.securityfocus.com/bid/4487 Bugtraq: 20020411 [SNS Advisory No.49] A Possibility of Internet Information Server/Services Cross Site Scripting (Google Search) http://marc.info/?l=bugtraq&m=101854677802990&w=2 CERT/CC vulnerability note: VU#520707 http://www.kb.cert.org/vuls/id/520707 http://www.osvdb.org/3341 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A210 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A58 http://www.iss.net/security_center/static/8804.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0224 BugTraq ID: 4006 http://www.securityfocus.com/bid/4006 Bugtraq: 20020131 msdtc on 3372 (Google Search) http://online.securityfocus.com/archive/1/253360 Bugtraq: 20020419 KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS (Google Search) http://online.securityfocus.com/archive/1/268593 http://www.iss.net/security_center/static/8046.php
Copyright	Copyright (C) 2002 Matt Moore

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.