Description

Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.

Remediation

References

CVE-2001-1243

Related Vulnerabilities

Joomla Incorrect Authorization Vulnerability (CVE-2018-17857)

WeBid Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-5101)

Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-8109)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-32472)

Plone CMS Other Vulnerability (CVE-2012-5486)

Severity

Medium

Classification

CVE-2001-1243

Tags

Missing Update Known Vulnerabilities