CVE-2002-0894

NewAtlanta ServletExec ISAPI 4.1 - Denial of Service via Long JSP File Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0894. PoCs published by Matt Moore.

AI-analyzed exploit summary This exploit sends an overly long HTTP GET request to a vulnerable ServletExec ISAPI filter, causing a denial of service (DoS) by crashing the underlying IIS server. The attack leverages insufficient bounds checking in the JSPServlet component.

Description

NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a denial of service (crash) via (1) a request for a long .jsp file, or (2) a long URL sent directly to com.newatlanta.servletexec.JSP10Servlet.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Matt Moore · cdoswindows
https://www.exploit-db.com/exploits/21471

This exploit sends an overly long HTTP GET request to a vulnerable ServletExec ISAPI filter, causing a denial of service (DoS) by crashing the underlying IIS server. The attack leverages insufficient bounds checking in the JSPServlet component.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: NewAtlanta ServletExec ISAPI 4.1
No auth needed
Prerequisites: Target running ServletExec ISAPI 4.1 on IIS · Network access to the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/273615
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4796
Third Party Advisory mailing-list x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0077.html
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9141.php

Scores

EPSS 0.0332
EPSS Percentile 87.0%

Details

Status published
Products (1)
new_atlanta_communications/servletexec_isapi 4.1
Published Oct 04, 2002
Tracked Since Feb 18, 2026