12 matches found
Chunked encoding post can consume excessive memory on IIS 4.0 webserver
Overview Microsoft IIS 4.0, circa March 2000, contained a vulnerability that allowed an intruder to consume unlimited memory on a vulnerable server. Description Older versions of IIS 4.0, circa March 2000, contained a vulnerability in the chunked-encoding transfer mechanism that permitted an...
Microsoft IIS 4.0/5.0 - Chunked Encoding Transfer Heap Overflow (4)
/ source: https://www.securityfocus.com/bid/4485/info A heap overflow condition in the 'chunked encoding transfer mechanism' related to Active Server Pages has been reported for Microsoft IIS Internet Information Services. This condition affects IIS 4.0 and IIS 5.0. Exploitation of this...
CVE-1999-1233
IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability...
NT user (who is locked changing his/her password by administrator ) can bypass the security policy and Change the password.
Hi, Our PT team found the following vulnerability in security policy implementation with NT Server and IIS 4.0. NT user who is locked changing his/her password by administrator can bypass the security policy and Change the password. Vulnerable: Microsoft Windows NT Server 4.0 + IIS 4.0 + Service...
scx-sa-08.txt
===================================================================== Securax-SA-08 Security Advisory belgian.networking.security Dutch ===================================================================== Topic: IIS4.0 Denial Of Service part 1 Announced: 2000-11-03 Updated: 2000-11-03 Affects: I...
CVE-2000-0226
IIS 4.0 allows attackers to cause a denial of service by requesting a large buffer in a POST or PUT command which consumes memory, aka the "Chunked Transfer Encoding Buffer Overflow Vulnerability."...
iis-enumerate.txt
I was recently auditing the security on one of my web servers when I cameacross a new Extension Enumerate Root Web Server Directory Vulnerability forIIS 4.0. Going to the main website and asking for anything.idq I get thepage cannot be found. But if the files for the web server reside on a sharet...
CVE-2000-0071
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions...
CVE-1999-1233
IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability...
Microsoft IIS 4.0 - Remote Buffer Overflow (2)
source: https://www.securityfocus.com/bid/307/info Microsoft IIS reported prone to a buffer overflow vulnerability in the way IIS handles requests for several file types that require server side processing. This vulnerability may allow a remote attacker to execute arbitrary code on the target...
Microsoft IIS 4.0 / Microsoft JET 3.5/3.5.1 Database Engine - VBA
source: https://www.securityfocus.com/bid/286/info Microsoft's JET database engine feature allows the embedding of Visual Basic for Application in SQL string expressions and the lack of metacharacter filtering by many web applications may allow remote users to execute commands on the system...
Microsoft IIS 4 (Windows NT) - Remote Web-Based Administration
Microsoft IIS 4 Windows NT - Remote Web-Based Administration source: https://www.securityfocus.com/bid/189/info Web-based administration for IIS 4.0 is, by default, limited to the local loopback address, 127.0.0.1. In instances where IIS4.0 was installed as an upgrade to IIS 2.0 or 3.0, a legacy...