Internet Information Server@* Security Vulnerabilities and Issues — Internet Information Server@* CVE List

Lucene search

MicrosoftInternet Information Server*

13 matches found

CVE•added 2009/08/31 8:30 p.m.•851 views

CVE-2009-3023

Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability."

9CVSS7.4AI score0.76641EPSS

CVE•added 2002/03/09 5:0 a.m.•381 views

CVE-2001-0500

Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as common...

10CVSS7.5AI score0.91027EPSS

CVE•added 2001/09/18 4:0 a.m.•255 views

CVE-2001-0333

Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "" characters twice.

7.5CVSS7.3AI score0.84224EPSS

CVE•added 2007/01/05 6:28 p.m.•170 views

CVE-2007-0087

Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this iss...

7.8CVSS6.7AI score0.36738EPSS

CVE•added 2001/06/27 4:0 a.m.•105 views

CVE-2001-0337

The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier introduce a memory leak which allows attackers to cause a denial of service via a series of requests.

5CVSS6.4AI score0.04618EPSS

CVE•added 2000/02/04 5:0 a.m.•96 views

CVE-1999-0229

Denial of service in Windows NT IIS server using ....

5CVSS6.6AI score0.04875EPSS

CVE•added 2001/09/18 4:0 a.m.•79 views

CVE-2001-0335

FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters.

5CVSS6.7AI score0.37007EPSS

CVE•added 2001/09/18 4:0 a.m.•79 views

CVE-2001-0336

The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request.

5CVSS6.8AI score0.15747EPSS

CVE•added 2000/02/08 5:0 a.m.•77 views

CVE-2000-0115

IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page.

5CVSS6.5AI score0.04899EPSS

CVE•added 2006/12/15 7:28 p.m.•74 views

CVE-2006-6579

Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine...

4.4CVSS6.5AI score0.00182EPSS

CVE•added 2001/09/18 4:0 a.m.•63 views

CVE-2001-0334

FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded.

7.5CVSS7AI score0.25077EPSS

CVE•added 2002/03/09 5:0 a.m.•48 views

CVE-1999-1148

FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time.

5CVSS7AI score0.18087EPSS

CVE•added 2001/09/20 4:0 a.m.•48 views

CVE-2001-0709

Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode.

5CVSS7AI score0.26029EPSS