CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2002-0421

IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.237

EPSS Ranking 95.7%

CVSS Severity

CVSS v2 Score 5.0

References

http://online.securityfocus.com/archive/1/259963
http://www.iss.net/security_center/static/8388.php
http://www.securityfocus.com/bid/4236
http://online.securityfocus.com/archive/1/259963
http://www.iss.net/security_center/static/8388.php
http://www.securityfocus.com/bid/4236

Products affected by CVE-2002-0421

Microsoft » Windows Nt » Version: 4.0

cpe:2.3:o:microsoft:windows_nt:4.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2002-0421

Products

Pricing

Contact Us