Lucene search

Microsoft Internet Information Server

107 matches found

added 2010/09/15 7:0 p.m. | 1019 views

CVE-2010-1899

Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vul...

CVSS 4.3 | AI score 6.4 | EPSS 0.87011

added 2009/08/31 8:30 p.m. | 851 views

CVE-2009-3023

Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability."

CVSS 9 | AI score 7.4 | EPSS 0.76641

added 2010/06/08 8:30 p.m. | 609 views

CVE-2010-1256

Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption...

CVSS 8.5 | AI score 7.3 | EPSS 0.33545

added 2008/02/12 9:0 p.m. | 504 views

CVE-2008-0075

Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.

CVSS 10 | AI score 7.3 | EPSS 0.725

added 2000/08/03 4:0 a.m. | 419 views

CVE-2000-0649

IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.

CVSS 2.6 | AI score 6.9 | EPSS 0.62025

added 2002/03/09 5:0 a.m. | 381 views

CVE-2001-0500

Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as common...

CVSS 10 | AI score 7.5 | EPSS 0.91027

added 2007/05/30 10:30 a.m. | 277 views

CVE-2007-2897

Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connec...

CVSS 7.5 | AI score 7.7 | EPSS 0.5348

added 2001/09/18 4:0 a.m. | 255 views

CVE-2001-0333

Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.

CVSS 7.5 | AI score 7.3 | EPSS 0.84224

added 2000/02/08 5:0 a.m. | 218 views

CVE-2000-0114

Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.

CVSS 5 | AI score 6.6 | EPSS 0.02967

added 2008/02/12 9:0 p.m. | 196 views

CVE-2008-0074

Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.

CVSS 7.2 | AI score 6.2 | EPSS 0.02029

added 2007/01/05 6:28 p.m. | 170 views

CVE-2007-0087

Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this iss...

CVSS 7.8 | AI score 6.7 | EPSS 0.36738

added 2001/01/22 5:0 a.m. | 160 views

CVE-2000-0884

IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.

CVSS 7.5 | AI score 7 | EPSS 0.86685

added 2000/02/04 5:0 a.m. | 143 views

CVE-1999-0737

The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.

CVSS 5 | AI score 6.7 | EPSS 0.52891

added 2005/08/23 4:0 a.m. | 129 views

CVE-2005-2678

Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.

CVSS 5 | AI score 6.6 | EPSS 0.55449

added 2000/02/04 5:0 a.m. | 128 views

CVE-1999-0450

In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).

CVSS 7.5 | AI score 6.6 | EPSS 0.32431

added 2002/08/12 4:0 a.m. | 127 views

CVE-2002-0419

Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which c...

CVSS 5 | AI score 6.5 | EPSS 0.31296

added 2000/06/15 4:0 a.m. | 125 views

CVE-2000-0413

The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.

CVSS 5 | AI score 6.4 | EPSS 0.59392

added 2010/02/05 10:30 p.m. | 118 views

CVE-2003-1582

Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inver...

CVSS 2.6 | AI score 6.1 | EPSS 0.04959

added 2001/09/12 4:0 a.m. | 116 views

CVE-1999-1376

Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands.

CVSS 10 | AI score 7.7 | EPSS 0.54889

added 2001/06/27 4:0 a.m. | 105 views

CVE-2001-0337

The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier introduce a memory leak which allows attackers to cause a denial of service via a series of requests.

CVSS 5 | AI score 6.4 | EPSS 0.04618

added 2003/04/02 5:0 a.m. | 104 views

CVE-2002-0075

Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect ("302 Object Moved") message.

CVSS 7.5 | AI score 6.9 | EPSS 0.67563

added 2006/07/11 10:5 p.m. | 103 views

CVE-2006-0026

Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).

CVSS 6.5 | AI score 7.6 | EPSS 0.90121

added 2000/02/04 5:0 a.m. | 96 views

CVE-1999-0229

Denial of service in Windows NT IIS server using ....

CVSS 5 | AI score 6.6 | EPSS 0.04875

added 2004/11/03 5:0 a.m. | 88 views

CVE-2003-0718

The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.

CVSS 5 | AI score 6.7 | EPSS 0.81995

added 2000/01/04 5:0 a.m. | 87 views

CVE-1999-0867

Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.

CVSS 5 | AI score 6.5 | EPSS 0.21491

added 1999/09/29 4:0 a.m. | 83 views

CVE-1999-0012

Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.

CVSS 7 | AI score 7.6 | EPSS 0.00447

added 2001/09/18 4:0 a.m. | 79 views

CVE-2001-0335

FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters.

CVSS 5 | AI score 6.7 | EPSS 0.37007

added 2001/09/18 4:0 a.m. | 79 views

CVE-2001-0336

The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request.

CVSS 5 | AI score 6.8 | EPSS 0.15747

added 1999/09/29 4:0 a.m. | 78 views

CVE-1999-0007

Information from SSL-encrypted sessions via PKCS #1.

CVSS 5 | AI score 7.4 | EPSS 0.05124

added 2000/02/08 5:0 a.m. | 77 views

CVE-2000-0115

IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page.

CVSS 5 | AI score 6.5 | EPSS 0.04899

added 1999/09/29 4:0 a.m. | 75 views

CVE-1999-0191

IIS newdsn.exe CGI script allows remote users to overwrite files.

CVSS 6.4 | AI score 6.8 | EPSS 0.61953

added 2001/02/12 5:0 a.m. | 75 views

CVE-2000-1090

Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character.

CVSS 5 | AI score 7.1 | EPSS 0.12517

added 2000/06/02 4:0 a.m. | 74 views

CVE-2000-0246

IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.

CVSS 5 | AI score 6.8 | EPSS 0.83616

added 2006/12/15 7:28 p.m. | 74 views

CVE-2006-6579

Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine...

CVSS 4.4 | AI score 6.5 | EPSS 0.00182

added 1999/09/29 4:0 a.m. | 73 views

CVE-1999-0449

The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts.

CVSS 7.8 | AI score 6.5 | EPSS 0.36242

added 2000/02/04 5:0 a.m. | 72 views

CVE-2000-0071

IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.

CVSS 5 | AI score 6.4 | EPSS 0.7142

added 2003/04/02 5:0 a.m. | 70 views

CVE-2002-0364

Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."

CVSS 7.5 | AI score 7.6 | EPSS 0.65661

added 2001/09/12 4:0 a.m. | 69 views

CVE-1999-1538

When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.

CVSS 2.1 | AI score 6.5 | EPSS 0.56595

added 2000/06/02 4:0 a.m. | 68 views

CVE-1999-0874

Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.

CVSS 10 | AI score 6.9 | EPSS 0.85132

added 2000/06/02 4:0 a.m. | 67 views

CVE-1999-0407

By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.

CVSS 10 | AI score 6.7 | EPSS 0.29622

added 2001/01/22 5:0 a.m. | 67 views

CVE-2000-0970

IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability.

CVSS 7.5 | AI score 7.1 | EPSS 0.3846

added 2003/04/02 5:0 a.m. | 67 views

CVE-2002-0148

Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.

CVSS 7.5 | AI score 6.8 | EPSS 0.72471

added 2003/04/02 5:0 a.m. | 66 views

CVE-2002-0149

Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.

CVSS 7.5 | AI score 7.8 | EPSS 0.49796

added 2000/02/04 5:0 a.m. | 65 views

CVE-1999-0253

IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL.

CVSS 7.5 | AI score 6.9 | EPSS 0.02987

added 2001/01/22 5:0 a.m. | 65 views

CVE-2000-0886

IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.

CVSS 7.5 | AI score 7.6 | EPSS 0.89218

added 1999/09/29 4:0 a.m. | 64 views

CVE-1999-0349

A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands.

CVSS 7.5 | AI score 7.8 | EPSS 0.11239

added 2001/01/09 5:0 a.m. | 64 views

CVE-2000-1104

Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those...

CVSS 7.5 | AI score 6.3 | EPSS 0.18278

added 2000/02/04 5:0 a.m. | 63 views

CVE-1999-0738

The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.

CVSS 5 | AI score 7.1 | EPSS 0.464

added 2000/06/02 4:0 a.m. | 63 views

CVE-1999-1011

The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.

CVSS 10 | AI score 7.4 | EPSS 0.79296

added 2001/09/18 4:0 a.m. | 63 views

CVE-2001-0334

FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded.

CVSS 7.5 | AI score 7 | EPSS 0.25077

Total number of security vulnerabilities: 107