Internet Information Server Security Vulnerabilities and Issues — Internet Information Server CVE List

Lucene search

MicrosoftInternet Information Server

4 matches found

CVE•added 2005/08/23 4:0 a.m.•129 views

CVE-2005-2678

Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.

5CVSS6.6AI score0.55449EPSS

CVE•added 2005/06/28 4:0 a.m.•61 views

CVE-2002-1790

The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682.

5CVSS6.7AI score0.19725EPSS

CVE•added 2005/06/21 4:0 a.m.•48 views

CVE-2002-1694

Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running.

5CVSS7AI score0.01603EPSS

CVE•added 2005/06/21 4:0 a.m.•42 views

CVE-2002-1695

Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running.

5CVSS7AI score0.01957EPSS