CVE-2002-1745

HIGH

Microsoft IIS 5.0 - Info Disclosure

Title source: llm

Description

Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files.

References (3)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/8853

[Broken Link, Third Party Advisory, VDB Entry] http://online.securityfocus.com/archive/1/268303

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/4543

Scores

CVSS v3 7.5

EPSS 0.1017

EPSS Percentile 93.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-193

Status published

Products (1)

microsoft/internet_information_services 5.0

Published Dec 31, 2002

Tracked Since Feb 18, 2026