CVE-2002-1745

CVE Database · CVE-2002-1745

CVE-2002-1745

· HIGHModified

CVSS v3.1

7.5

EPSS

17.66%

Published

Dec 31, 2002

Modified

Apr 15, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-193

Affected Products (1)

microsoft · internet_information_servicesvulnerable

References (6)

http://online.securityfocus.com/archive/1/268303

Broken LinkThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/4543

Broken LinkThird Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/8853

Third Party AdvisoryVDB Entry

http://online.securityfocus.com/archive/1/268303

Broken LinkThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/4543

Broken Link

KEV Catalog EPSS Scores Vendors All CVEs