Lucene search
K
MicrosoftInternet Information Server

107 matches found

CVE
CVE
added 2010/09/15 6:0 p.m.1095 views

CVE-2010-1899

CVE-2010-1899 corresponds to a stack consumption vulnerability in the ASP implementation of Microsoft IIS (versions affected: 5.1, 6.0, 7.0, 7.5) that can be triggered by crafted requests to asp.dll, causing a denial of service (daemon outage). Public references indicate the issue is addressed by...

4.3CVSS6.4AI score0.57231EPSS
CVE
CVE
added 2009/08/31 8:0 p.m.897 views

CVE-2009-3023

CVE-2009-3023 is the IIS FTP Service NLST command remote buffer overflow in Microsoft IIS FTP service (ftpsvc) affecting IIS 5.0–6.0. A crafted NLST with wildcards can overflow a stack buffer, enabling remote code execution (attack context can yield SYSTEM‑level code execution under affected setu...

9CVSS7.4AI score0.90913EPSS
CVE
CVE
added 2010/06/08 8:0 p.m.629 views

CVE-2010-1256

CVE-2010-1256 is an IIS memory-corruption vulnerability (IIS 6.0/7.0/7.5) tied to Extended Protection for Authentication. A remote attacker could execute arbitrary code by abusing how authentication information is parsed, when Extended Protection is enabled (KB973917). Microsoft MS10-040 fixes th...

8.5CVSS7.3AI score0.28208EPSS
CVE
CVE
added 2008/02/12 8:0 p.m.530 views

CVE-2008-0075

CVE-2008-0075 is an IIS remote code execution vulnerability in Microsoft Internet Information Services 5.1–6.0, caused by a buffer overflow when handling HTML-encoded ASP pages. An attacker could pass crafted input to ASP pages to execute arbitrary code on the target, with the Worker Process Iden...

10CVSS7.3AI score0.57167EPSS
CVE
CVE
added 2000/08/03 4:0 a.m.446 views

CVE-2000-0649

CVE-2000-0649 describes an HTTP internal IP disclosure in IIS 4.0: an attacker can obtain the server’s private IP by requesting a page protected with Basic Authentication (no realm) via HTTP/1.0. Connected documents (Metasploit IIS_INTERNAL_IP module, Nessus/Nessus-like plugin, OpenVAS NASL) corr...

2.6CVSS6.9AI score0.77076EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.428 views

CVE-2001-0500

CVE-2001-0500 is a buffer-overflow in the IDQ ISAPI handler (idq.dll) used by Microsoft IIS Indexing Service/Index Server 2.0 (and IIS 6.0 beta and earlier). The vulnerability allows remote attackers to execute arbitrary commands by sending a long argument to the .ida and .idq entry points (e.g.,...

10CVSS7.5AI score0.96731EPSS
Web
CVE
CVE
added 2007/05/30 10:0 a.m.328 views

CVE-2007-2897

CVE-2007-2897: Microsoft IIS 6.0 (server side) is vulnerable to a denial of service and potential information leakage via requests for a URI containing a DOS device name (example: /AUX/.aspx), effectively bypassing a blacklist for DOS device requests. The issue is triggered when a crafted request...

7.5CVSS7.7AI score0.74023EPSS
CVE
CVE
added 2000/02/08 5:0 a.m.303 views

CVE-2000-0114

CVE-2000-0114 affects FrontPage Server Extensions. It enables unauthenticated remote disclosure of the anonymous account name via an RPC POST to shtml.dll in the /_vti_bin/ virtual directory. The issue stems from information disclosure in FrontPage Server Extensions; no exploitation details are p...

5CVSS6.6AI score0.47595EPSS
CVE
CVE
added 2001/09/18 4:0 a.m.279 views

CVE-2001-0333

CVE-2001-0333 is a directory-traversal vulnerability in Microsoft IIS 5.0 and earlier. An attacker can craft requests that double-encode dot-dot and backslash characters to bypass checks and remotely execute commands on the server. This is associated with MS01-026/MS01-044 (IIS CGI double-decode)...

7.5CVSS7.3AI score0.9077EPSS
Web
CVE
CVE
added 2008/02/12 8:0 p.m.223 views

CVE-2008-0074

CVE-2008-0074 describes a local elevation of privilege in Microsoft Internet Information Services (IIS) 5.0–7.0 due to how file change notifications are handled in FTPRoot, NNTPFile\Root, and WWWRoot folders. Exploitation could allow a local attacker to execute arbitrary code with SYSTEM privileg...

7.2CVSS6.2AI score0.05405EPSS
CVE
CVE
added 2007/01/05 6:0 p.m.192 views

CVE-2007-0087

CVE-2007-0087 involves Microsoft Internet Information Services (IIS). The vulnerability occurs when IIS processes a TCP connection with a large window size and a Range header that specifies multiple copies of the same fragment, enabling remote attackers to cause a denial of service through networ...

7.8CVSS6.7AI score0.23163EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.181 views

CVE-2000-0884

The CVE-2000-0884 entry describes a directory traversal/command execution vulnerability in Microsoft IIS 4.0 and 5.0. Public sources (SAINT, OpenVAS) confirm that by encoding invalid characters in Unicode (e.g., %c0%af) an attacker can bypass path validation and access the server’s filesystem fro...

7.5CVSS7AI score0.72705EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.162 views

CVE-1999-0737

CVE-1999-0737 : The IIS/Site Server sample file viewcode.asp allows remote attackers to read arbitrary files, causing information disclosure. Affected component: the viewcode.asp file on Microsoft Internet Information Services (IIS) / Site Server. Root cause: the file exposes the server’s filesys...

5CVSS6.7AI score0.28085EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.154 views

CVE-1999-0450

CVE-1999-0450 describes an information disclosure vulnerability in Microsoft IIS where an attacker can determine the real/physical path of a virtual directory by requesting a non-existent URL that would be interpreted by perl.exe. The underlying issue is a path disclosure in IIS tied to Perl hand...

7.5CVSS6.6AI score0.19027EPSS
CVE
CVE
added 2000/06/15 4:0 a.m.143 views

CVE-2000-0413

The vulnerability CVE-2000-0413 affects the FrontPage Server Extensions shtml.exe component in IIS 4.0/5.0. A remote attacker can trigger an error by requesting a non-existent HTML/HTM/ASP/SHTML file, causing the server to reveal the local absolute path of the web root in the error message. This ...

5CVSS6.4AI score0.43893EPSS
CVE
CVE
added 2005/08/23 4:0 a.m.143 views

CVE-2005-2678

CVE-2005-2678 affects Microsoft IIS 5.1 and IIS 6. The issue allows remote attackers to spoof the SERVER_NAME variable by issuing a GET request containing an http://localhost URI, bypassing security checks and enabling various attacks. Some connected sources also describe an ASP source code discl...

5CVSS6.6AI score0.41839EPSS
CVE
CVE
added 2002/06/11 4:0 a.m.141 views

CVE-2002-0419

The CVE-2002-0419 entry describes information leaks in Microsoft IIS versions 4 through 5.1 where remote attackers can learn sensitive details via server responses. Specifically, when Basic authentication is used, the server may reveal its IP address as the realm, potentially exposing NAT-obscure...

5CVSS6.5AI score0.3624EPSS
CVE
CVE
added 2010/02/05 10:13 p.m.132 views

CVE-2003-1582

CVE-2003-1582 affects Microsoft IIS 6.0. When DNS resolution is enabled for client IPs, remote attackers can inject arbitrary text into log files via an HTTP request paired with a crafted DNS response, demonstrated by injecting XSS sequences. This is related to an Inverse Lookup Log Corruption (I...

2.6CVSS6.1AI score0.10325EPSS
CVE
CVE
added 2001/09/12 4:0 a.m.127 views

CVE-1999-1376

CVE-1999-1376 targets IIS 4.0 with FrontPage Server Extensions, via the fpcount.exe CGI. The vulnerability is a remote buffer overflow in the fpcount.exe CGI that could allow a remote attacker to execute arbitrary commands on the server, potentially crashing it or taking control. Incident details...

10CVSS7.7AI score0.23962EPSS
CVE
CVE
added 2001/05/24 4:0 a.m.118 views

CVE-2001-0337

The vulnerability CVE-2001-0337 affects Microsoft Internet Information Services 5.0 and earlier, specifically the WebDav component (httpext.dll). A memory-leak flaw allows a malicious user to exhaust server memory by issuing many LOCK requests against a non-existent filename, potentially leading ...

5CVSS6.4AI score0.04972EPSS
CVE
CVE
added 2006/07/11 10:0 p.m.118 views

CVE-2006-0026

CVE-2006-0026 describes a buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 that is triggered by parsing crafted Active Server Pages (ASP). The underlying flaw in the ASP processing code can allow an attacker who can publish ASP pages to execute arbitrary code on ...

6.5CVSS7.6AI score0.88898EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.116 views

CVE-2002-0075

CVE-2002-0075 is a cross-site scripting vulnerability in Microsoft IIS 4.0/5.0/5.1 where an attacker could cause arbitrary script to run in a user’s browser via unsanitized content in redirect error messages. The connected OpenVAS/ISS/CERT sources confirm multiple CSS issues tied to IIS, includin...

7.5CVSS6.9AI score0.33789EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.111 views

CVE-1999-0229

CVE-1999-0229 describes a Denial of Service targeting Windows NT Internet Information Services (IIS) servers, through crafted requests that traverse directories (e.g., ../../). Several connected sources tie the issue to Microsoft IIS <= 2.0 and label it a GET request DoS vulnerability, implyin...

5CVSS6.6AI score0.05873EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.105 views

CVE-1999-0867

CVE-1999-0867 describes a denial of service affecting IIS 4.0 caused by a flood of HTTP requests with malformed headers. The available connected documents corroborate a remote DoS scenario, originating from malformed header handling in IIS 4.0. The core vulnerability is the server’s inability to ...

5CVSS6.5AI score0.22079EPSS
CVE
CVE
added 2004/10/16 4:0 a.m.102 views

CVE-2003-0718

CVE-2003-0718 concerns a denial-of-service in the WebDAV XML Message Handler of Microsoft IIS. A crafted PROPFIND request containing a WebDAV XML document with a very large number of attributes can cause IIS to exhaust memory and CPU, potentially rendering the server unresponsive. The vulnerabili...

5CVSS6.7AI score0.87908EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.100 views

CVE-1999-0012

CVE-1999-0012 affects some Microsoft Windows-based web servers where remote attackers can bypass file access restrictions for files with long file names. The connected documents confirm the vulnerability description but do not provide concrete product versions, fixed versions, or remediation step...

7CVSS7.6AI score0.18196EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.95 views

CVE-1999-0007

Technical details for CVE-1999-0007 are not publicly available in the provided documents. Monitor for updates from authoritative sources.

5CVSS7.4AI score0.07637EPSS
CVE
CVE
added 2000/06/02 4:0 a.m.91 views

CVE-2000-0246

The vulnerability CVE-2000-0246 affects Microsoft IIS 4.0/5.0 where ISAPI extension processing fails for a virtual directory mapped to a UNC share, enabling remote attackers to read ASP source and other files. OpenVAS/Nessus entries confirm ASP/HTR source disclosure via UNC-path access. No remedi...

5CVSS6.8AI score0.79976EPSS
CVE
CVE
added 2000/02/08 5:0 a.m.89 views

CVE-2000-0115

CVE-2000-0115 concerns Microsoft IIS. The vulnerability arises from a denial-of-service condition caused by invalid regular expressions in a Visual Basic script embedded in an ASP page. The root cause is malformed regex handling in VBScript within the ASP context, which can exhaust resources and ...

5CVSS6.5AI score0.0983EPSS
CVE
CVE
added 2001/09/18 4:0 a.m.89 views

CVE-2001-0335

The CVE-2001-0335 issue affects Microsoft IIS FTP Service on IIS 5.0 and earlier. The vulnerability arises when a remote user supplies a username preceded by a special sequence of characters, causing the FTP service to enumerate Guest accounts in trusted domains. This could enable account discove...

5CVSS6.7AI score0.20961EPSS
CVE
CVE
added 2001/09/18 4:0 a.m.89 views

CVE-2001-0336

The CVE-2001-0336 entry concerns Microsoft IIS 5.0 and earlier. According to provided records, the MS00-060 patch for IIS 5.0/earlier introduces an error that allows an attacker to cause a denial of service via a malformed request. The connected sources confirm the affected product version and th...

5CVSS6.8AI score0.15937EPSS
CVE
CVE
added 2000/06/02 4:0 a.m.87 views

CVE-1999-0874

CVE-1999-0874 maps to a buffer overflow in IIS 4.0’s ISAPI processing of HTR/IDC/STM files (ISM.DLL). Public sources show a remote overflow that can cause denial of service and, in several references, the potential for remote code execution on affected Windows NT systems (MS02-018/Microsoft MS99-...

10CVSS6.9AI score0.78099EPSS
Web
CVE
CVE
added 2000/02/04 5:0 a.m.87 views

CVE-2000-0071

Microsoft IIS 4.0 is affected by CVE-2000-0071 via an information-disclosure path in the IDA/IDQ handling. A remote attacker can request non-existent files with .ida or .idq extensions to obtain the real document-root pathname, potentially aiding further targeted attacks. The issue is evidenced i...

5CVSS6.4AI score0.28058EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.87 views

CVE-2002-0364

CVE-2002-0364 describes a heap-based buffer overflow in IIS 4.0/5.0 when processing chunked-encoded HTR requests via the HTR ISAPI extension, allowing an attacker to execute arbitrary code with the privileges of the ISAPI process. The vulnerability stems from chunked encoding handling; impact inc...

7.5CVSS7.6AI score0.31005EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.86 views

CVE-1999-0191

CVE-1999-0191 affects Microsoft IIS via the CGI newdsn.exe script. The vulnerability exists in the /scripts/tools/newdsn.exe CGI, which allows remote attackers to create or overwrite files on the server if NTFS permissions permit, enabling arbitrary file creation and potential DSN overwrites. The...

6.4CVSS6.8AI score0.53303EPSS
CVE
CVE
added 2006/12/15 7:0 p.m.86 views

CVE-2006-6579

CVE-2006-6579 affects Microsoft Windows XP, where the directory %WINDIR%\pchealth\ERRORREP\QHEADLES has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA granted to Everyone). This misconfiguration allows local users to write and read files in that folder. The description notes an ASP shell wi...

4.4CVSS6.5AI score0.0126EPSS
CVE
CVE
added 2000/06/02 4:0 a.m.85 views

CVE-1999-0407

CVE-1999-0407 affects Microsoft IIS 4.0. A default virtual directory /IISADMPWD contains files that can be used as proxies for brute-forcing credentials or identifying valid users. In Nessus data, these files (aexp2.htr, aexp2b.htr, aexp3.htr, aexp4.htr) can enable brute-force login attempts; one...

10CVSS6.7AI score0.05126EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.84 views

CVE-1999-0449

The CVE-1999-0449 entry applies to Microsoft IIS 4, specifically the ExAir sample site. A remote attacker can cause a denial of service (CPU consumption) by directly requesting one of three ASP scripts: advsearch.asp, query.asp, or search.asp. The connected Red Hat and CPAI advisories corroborate...

7.8CVSS6.5AI score0.49534EPSS
CVE
CVE
added 2001/02/02 5:0 a.m.84 views

CVE-2000-1090

Microsoft IIS for Far East editions 4.0 and 5.0 are affected by CVE-2000-1090, where a malformed URL employing the lead-byte of a double-byte character allows remote attackers to read source code of parsed pages. The root cause is improper handling of lead-byte in double-byte character sequences ...

5CVSS7.1AI score0.16659EPSS
CVE
CVE
added 2001/09/12 4:0 a.m.83 views

CVE-1999-1538

The CVE-1999-1538 issue affects Microsoft IIS where, after upgrading IIS 2 or 3 to IIS 4, the ism.dll file is left in /scripts/iisadmin. This unmanaged file does not restrict access, enabling an unauthorized user to access sensitive server information, including the Administrator’s password, via ...

2.1CVSS6.5AI score0.25457EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.82 views

CVE-1999-0253

Summary: CVE-1999-0253 describes an information-disclosure flaw in IIS 3.0 with the iis-fix hotfix, where remote attackers could disclose ASP source by appending %2e in the URL. Affected product: Microsoft IIS 3.0 (with iis-fix) as documented in Red Hat, NVD/NVD-like records and Nessus entry; mul...

7.5CVSS6.9AI score0.07952EPSS
CVE
CVE
added 2000/12/19 5:0 a.m.82 views

CVE-2000-1104

CVE-2000-1104 is a variant of the IIS Cross-Site Scripting vulnerability described in MS00-060 (CVE-2000-0746). The vulnerability affects Microsoft IIS 4.0 and 5.0, where a malicious site can embed scripts in a link to a trusted site, which are returned unquoted in an error message and executed i...

7.5CVSS6.3AI score0.06608EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.81 views

CVE-2000-0886

CVE-2000-0886 : Microsoft IIS 5.0 is vulnerable to remote code execution via a malformed request for an executable file whose name is appended with operating system commands (the “Web Server File Request Parsing” vulnerability). The issue affects IIS 4.0/5.0 per NSFOCUS advisories; exploitation c...

7.5CVSS7.6AI score0.68742EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.80 views

CVE-2002-0148

CVE-2002-0148 is a cross-site scripting vulnerability in Microsoft Internet Information Services (IIS) 4.0, 5.0 and 5.1 that allows remote attackers to execute arbitrary script as the affected user via an HTTP error page. Connected sources confirm this CSS/XSS issue is part of a broader set of II...

7.5CVSS6.8AI score0.64489EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.79 views

CVE-2002-0149

CVE-2002-0149 concerns a buffer overflow in the IIS ASP Server-Side Include (SSI) processing when handling long file names. The issue affects Microsoft IIS 4.0, 5.0 and 5.1, and can allow a remote attacker to crash the server or potentially execute arbitrary code via crafted SSI inputs. Multiple ...

7.5CVSS7.8AI score0.62704EPSS
CVE
CVE
added 2000/06/02 4:0 a.m.77 views

CVE-1999-1011

CVE-1999-1011 affects the RDS DataFactory component of Microsoft MDAC used by IIS 3.x/4.x, enabling remote command execution via unsafe DataFactory methods in msadcs.dll. Public docs reference MS99-025 security bulletin and multiple advisories; exploit code and modules exist (e.g., Metasploit MSS...

10CVSS7.4AI score0.7714EPSS
Web
CVE
CVE
added 2001/01/22 5:0 a.m.77 views

CVE-2000-0970

CVE-2000-0970 affects IIS 4.0 and 5.0 where ASP pages send the same Session ID cookie for secure and insecure sessions, enabling potential remote hijacking of a user’s secure session if they transition to insecure web traffic. The root cause is cookie marking across session contexts, leading to p...

7.5CVSS7.1AI score0.45657EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.77 views

CVE-2001-0506

CVE-2001-0506 is a buffer overflow in IIS 4.0/5.0 ssinc.dll when processing Server-Side Includes directives, allowing an attacker who can write to the web directory to trigger overflow and execute arbitrary code with the web server’s privileges (LOCAL SYSTEM). Affected products: Microsoft IIS 4.0...

7.2CVSS6.7AI score0.68934EPSS
CVE
CVE
added 2000/09/21 4:0 a.m.75 views

CVE-2000-0746

The CVE-2000-0746 entry concerns a Microsoft IIS XSS vulnerability affecting IIS 4.0 and 5.0. The issue arises from improper handling of unquoted script content in links returned within error messages, allowing a malicious site to craft a link that executes scripts in the context of a trusted sit...

7.5CVSS6AI score0.08553EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.74 views

CVE-1999-0349

CVE-1999-0349 is a vulnerability in Microsoft IIS FTP Server where a buffer overflow in the FTP LIST (ls) / NLST handling allows remote attackers to cause a denial of service, and in some cases may execute arbitrary commands. The issue is tied to the IIS FTP service’s command processing and memor...

7.5CVSS7.8AI score0.17925EPSS
Total number of security vulnerabilities107