CVE-1999-0449

The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service CPU consumption via a direct request to the 1 advsearch.asp, 2 query.asp, or 3 search.asp scripts...

CVE-1999-0360

MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely...

CVE-2002-1992

Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via 1 a long template file name or 2 a long HTTP header...

Microsoft Windows NT 4.0 PhoneBook Server Buffer Overflow

No description provided by source. source: http://www.securityfocus.com/bid/2048/info The Phone Book Service is an optional component that ships with the NT 4 Option Pack and Windows 2000. It is not installed by default. A buffer overflow vulnerability was discovered in the URL processing routine...

CVE-2002-1992

Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via 1 a long template file name or 2 a long HTTP header...

Corsaire Security Advisory 2003-02-24.1

-- Corsaire Security Advisory -- Title: Port80 Software ServerMask inconsistencies Date: 24.02.03 Application: Port80 Software ServerMask 2.2 and prior Environment: IIS 4 / IIS 5 / IIS 5.1 Author: Martin O'Neal [email protected] Audience: General distribution Reference: c030224-001 -- Sco...

Microsoft IIS 4 Redirect Remote Buffer Overflow Vulnerability

Description Microsoft IIS 4.0 is reported prone to a buffer overflow vulnerability when handling redirects. It is reported that an attacker may exploit this vulnerability by issuing a large request to an affected IIS Web server. An attacker may exploit this issue to execute arbitrary code in the...

CVE-2002-0419

The CVE-2002-0419 entry describes information leaks in Microsoft IIS versions 4 through 5.1 where remote attackers can learn sensitive details via server responses. Specifically, when Basic authentication is used, the server may reveal its IP address as the realm, potentially exposing NAT-obscure...

Blueworld WebData Engine 1.6.5

The other day i run through a web server that was running Blueworld WebData Engine 1.6.5 and IIS 4, for my surprise after sending a really "simple" attack the server stop responding, could someone thats running WebData engine 1.6.5 verify this. exploit: export ATTACK=perl -e "print 'A' x 1600" wg...

CVE-1999-1538

The CVE-1999-1538 issue affects Microsoft IIS where, after upgrading IIS 2 or 3 to IIS 4, the ism.dll file is left in /scripts/iisadmin. This unmanaged file does not restrict access, enabling an unauthorized user to access sensitive server information, including the Administrator’s password, via ...

DOSSING IIS 4 or IIS5 fully patched using GET /%0%0 HTTP/1.0

NtWaK0, SecurHack. Labs Security Advisory 1-13-2001 DOSSING IIS 4 or IIS5 fully patched using GET /00 HTTP/1.0 oooooooooooooooooo Vulnerable Systems oooooooooooooooooo IIS 4 and IIS 5 even if fully patched. oooooooo Synopsis oooooooo While playing with miner in retina I sent this GET /00 HTTP/1.0...

Microsoft Windows NT 4.0 - Phonebook Server Buffer Overflow

Microsoft Windows NT 4.0 - Phonebook Server Buffer Overflow source: https://www.securityfocus.com/bid/2048/info The Phone Book Service is an optional component that ships with the NT 4 Option Pack and Windows 2000. It is not installed by default. A buffer overflow vulnerability was discovered in...

CVE-2000-0126

CVE-2000-0126 affects Microsoft IIS 3 and 4 via the idq.dll component. The vulnerability enables remote attackers to read arbitrary files on the target system by exploiting a dot-dot ('..') traversal in the IDQ scripts, specifically through the query.idq parameter. The root cause is a traversal f...

CVE-1999-0360

MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely...

CVE-1999-0360

CVE-1999-0360 affects MS Site Server 2.0 on IIS 4, where the web server can accept uploaded content (including ASP), enabling remote command execution. A Nessus plugin notes a specific verifiable vector: the repost.asp script allows uploading arbitrary files to /Users when misconfigured. Root cau...

CVE-1999-0449

The CVE-1999-0449 entry applies to Microsoft IIS 4, specifically the ExAir sample site. A remote attacker can cause a denial of service (CPU consumption) by directly requesting one of three ASP scripts: advsearch.asp, query.asp, or search.asp. The connected Red Hat and CPAI advisories corroborate...

CVE-1999-0449

The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service CPU consumption via a direct request to the 1 advsearch.asp, 2 query.asp, or 3 search.asp scripts...

ms-iis4-avoid-log.txt

Date: Fri, 22 Jan 1999 10:12:52 -0000 From: mnemonix To: [email protected] Subject: IIS 4 Request Logging Security Advisory There is are a combination of problems with IIS 4 that allows an successful HTTP request to go unlogged. Microsoft's Internet Information Server 4 allows the use of any...

CVE-1999-0449

The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service CPU consumption via a direct request to the 1 advsearch.asp, 2 query.asp, or 3 search.asp scripts...