91 matches found
CVE-2014-4078
CVE-2014-4078 affects Microsoft Internet Information Services (IIS) 8.0 and 8.5. The vulnerability is in the IP Security feature, where wildcard rules in the IP Address and Domain Restrictions list are not properly processed, enabling a remote attacker to bypass the intended rule set via an HTTP ...
CVE-2010-3972
Summary (CVE-2010-3972): A heap-based buffer overflow in the FTP service of Microsoft IIS (ftpsvc.dll) on IIS 7.0/7.5 enables remote code execution or DoS via a crafted FTP command. Affects Microsoft IIS FTP Service; root cause is improper handling of Telnet IAC data in TELNET_STREAM_CONTEXT::OnS...
CVE-2010-2730
CVE-2010-2730 affects Microsoft Internet Information Services (IIS) 7.5 when FastCGI is enabled. It is a remote code execution vulnerability caused by a heap buffer overflow in the HTTP header processing path exposed when handling crafted request headers, allowing an unauthenticated remote attack...
CVE-2017-7269
CVE-2017-7269 is a remote-code-execution vulnerability in the IIS 6.0 WebDAV service (ScStoragePathFromUrl) on Windows Server 2003 R2. It can be triggered by a crafted long header in a PROPFIND request beginning with "If:
CVE-2008-4301
CVE-2008-4301 concerns a vulnerability in the ActiveX control in iisext.dll used by Microsoft Internet Information Services (IIS). The affected component is an ActiveX control; the reported issue allows remote attackers to set a password via a string argument to the SetPassword method. The core p...
CVE-2008-1446
CVE-2008-1446 describes an integer overflow in the IPP ISAPI extension of Microsoft IIS (versions 5.0–7.0) on Windows 2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, and Server 2008. An authenticated remote attacker can trigger arbitrary code execution by sending a crafted HTTP POST that causes the se...
CVE-2010-1899
CVE-2010-1899 corresponds to a stack consumption vulnerability in the ASP implementation of Microsoft IIS (versions affected: 5.1, 6.0, 7.0, 7.5) that can be triggered by crafted requests to asp.dll, causing a denial of service (daemon outage). Public references indicate the issue is addressed by...
CVE-2008-4300
CVE-2008-4300 affects a specific ActiveX control in adsiis.dll used by Microsoft Internet Information Services (IIS). The vulnerability allows remote attackers to cause a denial of service (browser crash) by sending a long string as the second argument to the GetObject method. The description not...
CVE-2009-2521
CVE-2009-2521 affects Microsoft IIS FTP Server 5.0–7.0. A DoS is triggered by a remote authenticated user sending a LIST -R command with a wildcard that references a subdirectory and then .., causing stack exhaustion and daemon crash. Public exploitation modules (Metasploit/MSF, Exploit-DB) and O...
CVE-2000-0649
CVE-2000-0649 describes an HTTP internal IP disclosure in IIS 4.0: an attacker can obtain the server’s private IP by requesting a page protected with Basic Authentication (no realm) via HTTP/1.0. Connected documents (Metasploit IIS_INTERNAL_IP module, Nessus/Nessus-like plugin, OpenVAS NASL) corr...
CVE-2009-1535
CVE-2009-1535 corresponds to the IIS WebDAV Unicode authentication bypass vulnerability affecting IIS 5.1/6.0. The issue permits remote bypass of URI-based protections and can allow listing, reading, creation, or modification of files by injecting a Unicode sequence (notably %c0%af) into the URI,...
CVE-2009-4445
Microsoft IIS, when used with unspecified third‑party upload applications, is vulnerable to remote file creation via a filename containing an initial extension, a colon, and a safe extension. For example, uploading a file named ".asp:.jpg" can result in an empty ".asp" file being created, related...
CVE-2003-1567
The CVE-2003-1567 issue concerns the undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0, which reportedly echoes parts of the original request back in the response body. This behavior could allow remote attackers to read sensitive information from HTTP headers, includi...
CVE-2009-4444
CVE-2009-4444 affects Microsoft IIS 5.x and 6.x. The issue arises from IIS parsing the filename only up to the first semicolon (;) to determine the file extension, enabling a bypass of extension-based upload restrictions. An attacker can craft a filename such as (1) ".asp", (2) ".cer", or (3) ".a...
CVE-2008-0074
CVE-2008-0074 describes a local elevation of privilege in Microsoft Internet Information Services (IIS) 5.0–7.0 due to how file change notifications are handled in FTPRoot, NNTPFile\Root, and WWWRoot folders. Exploitation could allow a local attacker to execute arbitrary code with SYSTEM privileg...
CVE-2009-1122
CVE-2009-1122 is the IIS WebDAV authentication bypass vulnerability associated with the MS09-020 family. The initial description notes an improper URL decode in IIS WebDAV that can bypass authentication and allow reading/creating files via crafted HTTP requests. Connected documents corroborate an...
CVE-2000-0884
The CVE-2000-0884 entry describes a directory traversal/command execution vulnerability in Microsoft IIS 4.0 and 5.0. Public sources (SAINT, OpenVAS) confirm that by encoding invalid characters in Unicode (e.g., %c0%af) an attacker can bypass path validation and access the server’s filesystem fro...
CVE-2005-2089
CVE-2005-2089 affects Microsoft IIS 5.0 and 6.0. The issue arises when processing an HTTP request that includes both a Transfer-Encoding: chunked header and a Content-Length header, causing IIS to mishandle and forward the body, which can be treated by the receiving server as a separate HTTP req...
CVE-2002-0422
CVE-2002-0422 concerns Microsoft IIS 5 and 5.1. WebDAV support can leak an internal IP address. The PROPFIND method with a blank Host header can expose the address in an HREF within a 207 Multi-Status response, and the WRITE or MKCOL methods can leak the internal IP in the Location header. Connec...
CVE-1999-0450
CVE-1999-0450 describes an information disclosure vulnerability in Microsoft IIS where an attacker can determine the real/physical path of a virtual directory by requesting a non-existent URL that would be interpreted by perl.exe. The underlying issue is a path disclosure in IIS tied to Perl hand...
CVE-2002-1717
Microsoft Internet Information Services (IIS) 5.1 is affected by CVE-2002-1717, allowing remote attackers to view installation path information via GET requests to /_vti_pvt/access.cnf, /_vti_pvt/botinfs.cnf, /_vti_pvt/bots.cnf, or /_vti_pvt/linkinfo.cnf. OpenVAS/Nessus references confirm this .c...
CVE-2005-2678
CVE-2005-2678 affects Microsoft IIS 5.1 and IIS 6. The issue allows remote attackers to spoof the SERVER_NAME variable by issuing a GET request containing an http://localhost URI, bypassing security checks and enabling various attacks. Some connected sources also describe an ASP source code discl...
CVE-2000-0413
The vulnerability CVE-2000-0413 affects the FrontPage Server Extensions shtml.exe component in IIS 4.0/5.0. A remote attacker can trigger an error by requesting a non-existent HTML/HTM/ASP/SHTML file, causing the server to reveal the local absolute path of the web root in the error message. This ...
CVE-2002-0419
The CVE-2002-0419 entry describes information leaks in Microsoft IIS versions 4 through 5.1 where remote attackers can learn sensitive details via server responses. Specifically, when Basic authentication is used, the server may reveal its IP address as the realm, potentially exposing NAT-obscure...
CVE-2007-2815
CVE-2007-2815 concerns Microsoft IIS webhits.dll Hit-Highlighting authentication bypass. The hit-highlighting feature in IIS Web Server 5.x (notably IIS 5.0/5.1) uses Windows NT ACLs, enabling remote attackers to bypass NTLM and Basic authentication and access private web directories via the CiWe...
CVE-2006-0026
CVE-2006-0026 describes a buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 that is triggered by parsing crafted Active Server Pages (ASP). The underlying flaw in the ASP processing code can allow an attacker who can publish ASP pages to execute arbitrary code on ...
CVE-2002-0075
CVE-2002-0075 is a cross-site scripting vulnerability in Microsoft IIS 4.0/5.0/5.1 where an attacker could cause arbitrary script to run in a user’s browser via unsanitized content in redirect error messages. The connected OpenVAS/ISS/CERT sources confirm multiple cross-site scripting (CSS) issues tied to IIS, includin...
CVE-2011-5279
The CVE-2011-5279 entry concerns CRLF injection in the CGI component of Microsoft Internet Information Services (IIS) 4.x and 5.x running on Windows NT/2000. The vulnerability arises when a newline character in an HTTP header enables an attacker to modify arbitrary uppercase environment variables...
CVE-2006-6578
CVE-2006-6578 affects Microsoft Internet Information Services (IIS) 5.1, where the IUSR_Machine account can execute non-EXE files (e.g., .COM) in a web directory with certain permissions. This allows attackers to pass arguments to any .COM file that runs those arguments, enabling arbitrary comman...
CVE-2003-0718
CVE-2003-0718 concerns a denial-of-service in the WebDAV XML Message Handler of Microsoft IIS. A crafted PROPFIND request containing a WebDAV XML document with a very large number of attributes can cause IIS to exhaust memory and CPU, potentially rendering the server unresponsive. The vulnerabili...
CVE-2002-1718
CVE-2002-1718 affects Microsoft Internet Information Server (IIS) 5.1. The issue, as described in the connected sources, allows remote attackers to view the contents of a FrontPage Server Extension (FPSE) file by sending an HTTP request for colegal.htm containing .. sequences. The Red Hat and CVE...
CVE-2000-0246
The vulnerability CVE-2000-0246 affects Microsoft IIS 4.0/5.0 where ISAPI extension processing fails for a virtual directory mapped to a UNC share, enabling remote attackers to read ASP source and other files. OpenVAS/Nessus entries confirm ASP/HTR source disclosure via UNC-path access. No remedi...
CVE-2002-0364
CVE-2002-0364 describes a heap-based buffer overflow in IIS 4.0/5.0 when processing chunked-encoded HTR requests via the HTR ISAPI extension, allowing an attacker to execute arbitrary code with the privileges of the ISAPI process. The vulnerability stems from chunked encoding handling; impact inc...
CVE-2000-0071
Microsoft IIS 4.0 is affected by CVE-2000-0071 via an information-disclosure path in the IDA/IDQ handling. A remote attacker can request non-existent files with .ida or .idq extensions to obtain the real document-root pathname, potentially aiding further targeted attacks. The issue is evidenced i...
CVE-2006-6579
CVE-2006-6579 affects Microsoft Windows XP, where the directory %WINDIR%\pchealth\ERRORREP\QHEADLES has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA granted to Everyone). This misconfiguration allows local users to write and read files in that folder. The description notes an ASP shell wi...
CVE-2002-1180
CVE-2002-1180 affects Microsoft Internet Information Services (IIS) 5.0. The issue is a typographical error in script source access permissions that does not properly exclude .COM files, allowing attackers with only write permissions to upload malicious .COM files to run code on the server. Accor...
CVE-2000-1104
CVE-2000-1104 is a variant of the IIS Cross-Site Scripting vulnerability described in MS00-060 (CVE-2000-0746). The vulnerability affects Microsoft IIS 4.0 and 5.0, where a malicious site can embed scripts in a link to a trusted site, which are returned unquoted in an error message and executed i...
CVE-1999-0253
Summary: CVE-1999-0253 describes an information-disclosure flaw in IIS 3.0 with the iis-fix hotfix, where remote attackers could disclose ASP source by appending %2e in the URL. Affected product: Microsoft IIS 3.0 (with iis-fix) as documented in Red Hat, NVD/NVD-like records and Nessus entry; mul...
CVE-2001-0151
CVE-2001-0151 affects Microsoft IIS 5.0, where a remote attacker can cause a denial of service by sending malformed WebDAV/PROPFIND requests. The underlying issue is a bug in WebDAV handling that allows the server to be made unavailable, with impact described as DoS and partial availability. Publ...
CVE-2001-0146
IIS 5.0 and Exchange 2000 are vulnerable to a DoS via repeated malformed URLs that trigger a memory allocation error, disrupting IIS (and web-based mail on Exchange). The CERT/MS MS01-014 patch (and MS01-044 for IIS-only scenarios) are the remediation paths described; no exploitation details are ...
CVE-2002-0148
CVE-2002-0148 is a cross-site scripting vulnerability in Microsoft Internet Information Services (IIS) 4.0, 5.0 and 5.1 that allows remote attackers to execute arbitrary script as the affected user via an HTTP error page. Connected sources confirm this CSS/XSS issue is part of a broader set of II...
CVE-2002-0149
CVE-2002-0149 concerns a buffer overflow in the IIS ASP Server-Side Include (SSI) processing when handling long file names. The issue affects Microsoft IIS 4.0, 5.0 and 5.1, and can allow a remote attacker to crash the server or potentially execute arbitrary code via crafted SSI inputs. Multiple ...
CVE-2005-4360
Summary (CVE-2005-4360, mode C): IIS 5.1 on Windows XP Pro SP2 contains a memory/URL parsing vulnerability in the IIS WWW component. A remote attacker can trigger it by sending specially crafted URLs (notably using paths like /_vti_bin/.dll/*/~0), leading to remote code execution with SYSTEM pri...
CVE-2000-0970
CVE-2000-0970 affects IIS 4.0 and 5.0 where ASP pages send the same Session ID cookie for secure and insecure sessions, enabling potential remote hijacking of a user’s secure session if they transition to insecure web traffic. The root cause is cookie marking across session contexts, leading to p...
CVE-2000-0886
CVE-2000-0886: Microsoft IIS 5.0 is vulnerable to remote code execution via a malformed request for an executable file whose name is appended with operating system commands (the “Web Server File Request Parsing” vulnerability). The issue affects IIS 4.0/5.0 per NSFOCUS advisories; exploitation c...
CVE-2002-1700
CVE-2002-1700 describes a cross-site scripting (XSS) flaw in the missing template handler of Macromedia ColdFusion MX. The vulnerability arises because the HTTP request parameter for the template name is not filtered, allowing an attacker to inject script that is echoed in a 404 error message and...
CVE-2003-0224
CVE-2003-0224 describes a buffer overflow in IIS 5.0 (ssinc.dll) triggered by a Server Side Include directive with an overly long filename, potentially allowing local users to execute arbitrary code. Affected IIS versions mentioned in connected materials include IIS 4.0, 5.0, and 5.1; exploitatio...
CVE-2001-0506
CVE-2001-0506 is a buffer overflow in IIS 4.0/5.0 ssinc.dll when processing Server-Side Includes directives, allowing an attacker who can write to the web directory to trigger overflow and execute arbitrary code with the web server’s privileges (LOCAL SYSTEM). Affected products: Microsoft IIS 4.0...
CVE-2000-0408
CVE-2000-0408 – Microsoft IIS Malformed File Extension DoS affects IIS 4.05 and 5.0. A remote attacker can trigger a denial of service by sending a long, complex URL that appears to contain a large number of file extensions (Mashed Extension Data in URL). Remediation is associated with Microsoft ...
CVE-2002-0079
The CVE-2002-0079 issue is a heap/buffer overflow in the ASP ISAPI filter of Microsoft IIS (4.0/5.0) triggered by chunked-encoded POST data in ASP pages. Public writeups (SAINT) describe remote exploitation causing crashes in dllhost.exe or arbitrary code execution on IIS 5.0, with a patch refere...