Lucene search
K

12 matches found

CERT
CERT
added 2002/06/13 12:0 a.m.30 views

Chunked encoding post can consume excessive memory on IIS 4.0 webserver

Overview Microsoft IIS 4.0, circa March 2000, contained a vulnerability that allowed an intruder to consume unlimited memory on a vulnerable server. Description Older versions of IIS 4.0, circa March 2000, contained a vulnerability in the chunked-encoding transfer mechanism that permitted an...

5CVSS6.5AI score0.06808EPSS
Exploits0References5
Exploit DB
Exploit DB
added 2002/04/24 12:0 a.m.66 views

Microsoft IIS 4.0/5.0 - Chunked Encoding Transfer Heap Overflow (4)

/ source: https://www.securityfocus.com/bid/4485/info A heap overflow condition in the 'chunked encoding transfer mechanism' related to Active Server Pages has been reported for Microsoft IIS Internet Information Services. This condition affects IIS 4.0 and IIS 5.0. Exploitation of this...

7AI score
Exploits0
Cvelist
Cvelist
added 2002/03/09 5:0 a.m.21 views

CVE-1999-1233

IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability...

6.5AI score0.05451EPSS
Exploits1References4
securityvulns
securityvulns
added 2002/03/07 12:0 a.m.22 views

NT user (who is locked changing his/her password by administrator ) can bypass the security policy and Change the password.

Hi, Our PT team found the following vulnerability in security policy implementation with NT Server and IIS 4.0. NT user who is locked changing his/her password by administrator can bypass the security policy and Change the password. Vulnerable: Microsoft Windows NT Server 4.0 + IIS 4.0 + Service...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2000/11/05 12:0 a.m.42 views

scx-sa-08.txt

===================================================================== Securax-SA-08 Security Advisory belgian.networking.security Dutch ===================================================================== Topic: IIS4.0 Denial Of Service part 1 Announced: 2000-11-03 Updated: 2000-11-03 Affects: I...

7.4AI score
Exploits0
NVD
NVD
added 2000/03/20 5:0 a.m.20 views

CVE-2000-0226

IIS 4.0 allows attackers to cause a denial of service by requesting a large buffer in a POST or PUT command which consumes memory, aka the "Chunked Transfer Encoding Buffer Overflow Vulnerability."...

5CVSS6.8AI score0.06808EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2000/03/09 12:0 a.m.34 views

iis-enumerate.txt

I was recently auditing the security on one of my web servers when I cameacross a new Extension Enumerate Root Web Server Directory Vulnerability forIIS 4.0. Going to the main website and asking for anything.idq I get thepage cannot be found. But if the files for the web server reside on a sharet...

7.4AI score
Exploits0
NVD
NVD
added 2000/01/11 5:0 a.m.24 views

CVE-2000-0071

IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions...

5CVSS6.5AI score0.28058EPSS
Exploits0References2
NVD
NVD
added 1999/12/31 5:0 a.m.17 views

CVE-1999-1233

IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability...

7.5CVSS6.5AI score0.05451EPSS
Exploits1References4
Exploit DB
Exploit DB
added 1999/06/15 12:0 a.m.35 views

Microsoft IIS 4.0 - Remote Buffer Overflow (2)

source: https://www.securityfocus.com/bid/307/info Microsoft IIS reported prone to a buffer overflow vulnerability in the way IIS handles requests for several file types that require server side processing. This vulnerability may allow a remote attacker to execute arbitrary code on the target...

10CVSS6.7AI score0.78099EPSS
Exploits5
Exploit DB
Exploit DB
added 1999/05/25 12:0 a.m.55 views

Microsoft IIS 4.0 / Microsoft JET 3.5/3.5.1 Database Engine - VBA

source: https://www.securityfocus.com/bid/286/info Microsoft's JET database engine feature allows the embedding of Visual Basic for Application in SQL string expressions and the lack of metacharacter filtering by many web applications may allow remote users to execute commands on the system...

7.4AI score
Exploits0
exploitpack
exploitpack
added 1999/01/14 12:0 a.m.16 views

Microsoft IIS 4 (Windows NT) - Remote Web-Based Administration

Microsoft IIS 4 Windows NT - Remote Web-Based Administration source: https://www.securityfocus.com/bid/189/info Web-based administration for IIS 4.0 is, by default, limited to the local loopback address, 127.0.0.1. In instances where IIS4.0 was installed as an upgrade to IIS 2.0 or 3.0, a legacy...

7.5AI score
Exploits0
Rows per page
Query Builder