Description

A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."

Remediation

References

CVE-2002-1180

Related Vulnerabilities

WordPress Plugin Merge+Minify+Refresh Cross-Site Request Forgery (1.10.6)

Apache HTTP Server Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2014-0226)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-42111)

Ruby on Rails CVE-2022-23634 Vulnerability (CVE-2022-23634)

WordPress Plugin Super Store Finder for WordPress (Google Maps Store Locator) Arbitrary File Upload (6.1)

Severity

High

Classification

CVE-2002-1180

Tags

Missing Update Known Vulnerabilities