CVE-2002-0421
Published Aug 12, 2002
Last updated 16 years ago
Overview
- Description
- IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7C5FCE82-1E2F-49B9-B504-8C03F2BCF296"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "089A953C-8446-4E6F-B506-430C38DF37B1"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "656AE014-AEEC-46E8-A696-61FEA7932F21"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "93BA426E-DD51-44AC-BE78-3164670FF9E1"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FBBBF25A-709B-4716-9894-AD82180091AD"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "82781A72-A34F-4668-9EE8-C203B04E3367"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BCDFDBBA-6C4F-472A-9F4F-461C424794E7"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "90CFA69B-7814-4F97-A14D-D76310065CF3"
}
],
"operator": "OR"
}
]
}
]