Lucene search
K
MicrosoftInternet Information Services

91 matches found

CVE
CVE
added 2000/09/21 4:0 a.m.75 views

CVE-2000-0746

The CVE-2000-0746 entry concerns a Microsoft IIS XSS vulnerability affecting IIS 4.0 and 5.0. The issue arises from improper handling of unquoted script content in links returned within error messages, allowing a malicious site to craft a link that executes scripts in the context of a trusted sit...

7.5CVSS6AI score0.08553EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.75 views

CVE-2002-0079

The CVE-2002-0079 issue is a heap/buffer overflow in the ASP ISAPI filter of Microsoft IIS (4.0/5.0) triggered by chunked-encoded POST data in ASP pages. Public writeups (SAINT) describe remote exploitation causing crashes in dllhost.exe or arbitrary code execution on IIS 5.0, with a patch refere...

7.5CVSS7.2AI score0.77341EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.74 views

CVE-2001-0902

Microsoft IIS 5.0 is affected. The vulnerability allows remote attackers to spoof web log entries by sending HTTP requests containing hex-encoded newline or form-feed characters, enabling log pollution/improper logging. CVE-2001-0902 details indicate impact to log integrity (partial) and potentia...

7.5CVSS7AI score0.16635EPSS
CVE
CVE
added 2003/05/30 4:0 a.m.74 views

CVE-2003-0226

CVE-2003-0226 : Microsoft IIS 5.0 and 5.1 are affected by a WebDAV-based denial-of-service when processing excessively long PROPFIND or SEARCH requests, leading to an error condition that IIS does not handle properly. The OpenVAS/NESSUS inputs reference MS03-018 (Cumulative Patch for IIS) as the ...

5CVSS6.6AI score0.42575EPSS
Web
CVE
CVE
added 2001/09/12 4:0 a.m.73 views

CVE-1999-0154

The vulnerability affects IIS versions 2.0–3.0, where a request ending with a period (dot) can cause the server to reveal ASP page source to an attacker. This is a remote read of source code resulting from the URL handling behavior in IIS 2.0/3.0. Practical impact: exposure of ASP source. The PT-...

5CVSS7.2AI score0.40015EPSS
CVE
CVE
added 2005/06/28 4:0 a.m.73 views

CVE-2002-1790

CVE-2002-1790 affects the SMTP service in Microsoft IIS 4.0/5.0, where the root cause is bypassing anti-relaying rules by using encapsulated SMTP addresses, enabling remote attackers to send spam or spoofed messages. This CVE is linked to the prior CVE-1999-0682 remediation lineage. The connected...

5CVSS6.7AI score0.33967EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.71 views

CVE-1999-0412

CVE-1999-0412 affects IIS and other web servers where the server runs as SYSTEM and loads an ISAPI extension. The underlying issue allows an attacker to execute commands with SYSTEM privileges via the ISAPI extension, enabling high-privilege access on the affected server. Connected documents corr...

7.5CVSS7.2AI score0.10238EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.71 views

CVE-2002-0071

CVE-2002-0071: Buffer overflow in the ism.dll ISAPI extension (HTR) of Microsoft IIS 4.0/5.0 allows DoS or arbitrary code execution via crafted HTR requests with long variable names. The vulnerability affects IIS 4.0, 5.0 (and 5.1 per advisories) and is addressed by Microsoft Security Bulletin MS...

7.5CVSS7.3AI score0.33643EPSS
CVE
CVE
added 2002/05/03 4:0 a.m.71 views

CVE-2002-0224

MSDTC DoS (CVE-2002-0224) affects Microsoft Windows 2000, IIS 5.x, and SQL Server up to 2000. A DoS can be triggered by sending malformed input to the MSDTC service, potentially causing crashes or hangs. OpenVAS/Nessus refer to MS02-018 as the patch that mitigates related issues; applying that pa...

5CVSS7.1AI score0.22122EPSS
CVE
CVE
added 2002/11/02 5:0 a.m.71 views

CVE-2002-0869

CVE-2002-0869 refers to an unknown vulnerability in the IIS hosting process (dllhost.exe) affecting IIS 4.0–5.1 that enables remote attackers to gain LocalSystem privileges by executing an out-of-process application. Connected sources document related patches: OpenVAS/NASL entries reference MS02-...

7.5CVSS6.9AI score0.23636EPSS
CVE
CVE
added 2009/01/15 12:0 a.m.71 views

CVE-2003-1566

CVE-2003-1566 concerns Microsoft Internet Information Services (IIS) 5.0 where requests using the TRACK method are not logged. The underlying issue is the logging gap for the TRACK method, which can allow remote attackers to access sensitive information without detection. The provided documents s...

5CVSS6.3AI score0.28118EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.70 views

CVE-2000-0457

Summary: CVE-2000-0457 affects Microsoft IIS 4.0/5.0 via ISM.DLL, enabling remote disclosure of file contents by requesting a file and appending spaces and ".HTR" (the File Fragment Reading vulnerability). Affected component: ISM.DLL in IIS 4.0/5.0 handling .HTR requests. Impact: partial confiden...

7.5CVSS6.6AI score0.52751EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.70 views

CVE-2001-0507

CVE-2001-0507 describes a privilege-elevation flaw in IIS 5.0 where local users can gain privileges by abusing relative path resolution to system files used to run in-process Trojan horse files. OpenVAS/NVD entries corroborate an IIS remote/content-exploitation lineage around early MS01-044 era; ...

7.2CVSS6.4AI score0.08846EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.70 views

CVE-2002-0074

CVE-2002-0074 describes a cross-site scripting vulnerability in the IIS Help Files search facility affecting Microsoft IIS 4.0, 5.0 and 5.1. The issue allows remote attackers to embed scripts into another user’s session through crafted input, as detailed in CERT/CC and various vulnerability advis...

7.5CVSS6.2AI score0.33789EPSS
CVE
CVE
added 2000/01/18 5:0 a.m.68 views

CVE-1999-0233

IIS 1.0 is reported to allow users to execute arbitrary commands via .bat or .cmd files. The cited sources do not provide concrete technical details beyond this description (no specific root cause, affected versions beyond IIS 1.0, or remediation steps). Exploitation status and in‑the‑wild use ar...

10CVSS8.2AI score0.16272EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.68 views

CVE-2002-0072

CVE-2002-0072 describes a denial-of-service in Microsoft IIS 4.0/5.0/5.1 caused by the w3svc.dll FP2002/ISAPI filter when handling an overly long URL. The error handling rewrites a URL to a null value and then dereferences it, crashing Inetinfo.exe. Affected components: FP2002 Front Page Server E...

5CVSS6.3AI score0.56627EPSS
Web
CVE
CVE
added 2003/04/02 5:0 a.m.68 views

CVE-2002-0073

Summary of CVE-2002-0073 : The FTP service in Microsoft IIS 4.0, 5.0, and 5.1 is vulnerable to a denial-of-service when a currently authenticated or session-hosted FTP user issues a specially crafted status request containing glob characters. The vulnerability may cause the IIS server to crash an...

5CVSS6.2AI score0.56391EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.68 views

CVE-2002-0147

CVE-2002-0147 describes a heap-based buffer overflow in IIS's ASP data transfer/chunked encoding, affecting IIS 4.0, 5.0 and 5.1. An attacker could cause a denial of service or execute arbitrary code on the server, with privileges depending on the affected ISAPI/ASP context (IWAM_computername or ...

7.5CVSS7AI score0.61761EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.67 views

CVE-2001-0508

CVE-2001-0508 relates to Microsoft IIS 5.0 WebDAV processing. A very long, invalid WebDAV request can trigger a memory access error, causing the IIS 5.0 process to terminate and restart (DoS). The issue is addressed by the MS01-044 patch from Microsoft. Affected platform noted in sources is IIS 5...

5CVSS6.4AI score0.2705EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.67 views

CVE-2001-0544

CVE-2001-0544 affects IIS 5.0. A crafted invalid MIME Content-Type header can cause a denial of service by corrupting the File Type table. Local user access, no authentication required, partial availability impact. Connected docs mention related MS01-044 references; no patch/fix details are provi...

2.1CVSS6.2AI score0.02409EPSS
CVE
CVE
added 2002/05/03 4:0 a.m.66 views

CVE-2001-1243

CVE-2001-1243 affects Microsoft IIS 4.0/5.0 with asp.dll Scripting.FileSystemObject. The vulnerability allows local or remote attackers to cause a denial of service (crash) by: (1) crafting an ASP program using Scripting.FileSystemObject to open a file using an MS-DOS device name, or (2) injectin...

5CVSS6.9AI score0.63188EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.66 views

CVE-2002-0150

CVE-2002-0150 refers to a buffer overflow in Microsoft IIS 4.0/5.0/5.1 that can be triggered by inaccurate checking of HTTP header delimiters, potentially allowing an attacker to crash the server or execute arbitrary code. The vulnerability is part of a set of issues addressed by Microsoft Securi...

7.5CVSS7.9AI score0.49477EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.66 views

CVE-2002-1182

CVE-2002-1182 affects Microsoft IIS 5.0 and 5.1. A remote attacker can trigger a denial of service by sending malformed WebDAV requests that cause IIS to allocate an unusually large amount of memory, potentially crashing the server. The vulnerability is characterized as a memory allocation issue ...

5CVSS6.6AI score0.36067EPSS
CVE
CVE
added 2000/06/02 4:0 a.m.65 views

CVE-2000-0258

CVE-2000-0258 affects IIS 4.0 and 5.0. The provided documents describe a remote denial-of-service vulnerability triggered by sending many URLs containing a large number of escaped characters, referred to as the "Myriad Escaped Characters" vulnerability. The NVD entry provides CVSS scores (2.0: 5....

7.5CVSS7AI score0.19607EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.63 views

CVE-2000-0770

CVE-2000-0770 affects Microsoft IIS 4.0 and 5.0, where file permission canonicalization allows remote attackers to bypass access restrictions on certain files when parent folders have permissive permissions. The connected documents corroborate the issue as the “File Permission Canonicalization” v...

6.4CVSS6.7AI score0.1508EPSS
CVE
CVE
added 2005/06/21 4:0 a.m.63 views

CVE-2002-1744

The connected CVE records confirm a directory traversal in CodeBrws.asp for Microsoft IIS 5.0. The vulnerable component is CodeBrws.asp (IIS 5.0), with the underlying issue caused by a hex-encoded "+%c0%ae%c0%ae+" sequence representing ".." that allows remote attackers to view source code and det...

5CVSS7.2AI score0.63614EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.62 views

CVE-2000-0951

The CVE-2000-0951 issue affects Microsoft IIS (likely IIS 5.0) where Index Server is enabled and the Index property misconfigured, allowing remote users to list web root directories via a WebDAV search. This results in information disclosure about remote directories and HTML files, increasing an ...

5CVSS6.6AI score0.44133EPSS
CVE
CVE
added 2005/06/21 4:0 a.m.62 views

CVE-2002-1694

The CVE refers to Microsoft Internet Information Server (IIS) 4.0 where log files are opened with FILE_SHARE_READ and FILE_SHARE_WRITE permissions. This shared access could allow remote attackers to modify log file contents while IIS is running, representing a potential integrity impact on logs. ...

5CVSS7AI score0.12998EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.61 views

CVE-1999-0281

CVE-1999-0281 describes a denial-of-service issue in Microsoft IIS triggered by long URLs. Connected documents identify IIS as the affected product and reiterate the DoS impact but do not provide concrete technical details such as vulnerable components, root cause, affected versions, or a fix. A ...

5CVSS7.4AI score0.12592EPSS
CVE
CVE
added 2000/07/12 4:0 a.m.61 views

CVE-2000-0304

Summary: CVE-2000-0304 affects Microsoft IIS 4.0 and 5.0 when the IISADMPWD virtual directory is installed. A malformed request to inetinfo.exe (the undelimited .HTR request) can cause a remote denial of service. What is affected: IIS 4.0 and, to a lesser extent, IIS 5.0; presence of IISADMPWD is...

5CVSS6.6AI score0.29344EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.61 views

CVE-2000-0778

CVE-2000-0778 affects Microsoft IIS (IIS 5.0/5.1). Vulnerability arises from an information-disclosure flaw where an HTTP Translate: f header allows remote attackers to obtain ASP/ASA source code. Affected products include Windows IIS; root cause is improper handling of the Translate header leadi...

5CVSS6.7AI score0.87284EPSS
CVE
CVE
added 2001/09/18 4:0 a.m.61 views

CVE-2001-0004

This CVE concerns IIS 4.0/5.0 where an attacker can cause the server to disclose file contents by sending a crafted GET request that appends %3F+.htr, causing the target file to be parsed as an .HTR ISAPI extension. Impact: unauthenticated remote disclosure of potentially sensitive files within t...

5CVSS6.9AI score0.28215EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.59 views

CVE-2000-0630

Summary: IIS 4.0 and 5.0 can disclose fragments of source code by requesting a known file with a appended +.htr, via the ISAPI-based .HTR handling in IIS. What’s affected: Microsoft Internet Information Services (IIS) 4.0/5.0, specifically the mechanism that processes .HTR ISAPI scripts (ISM.DLL)...

5CVSS6.8AI score0.68445EPSS
CVE
CVE
added 2005/06/28 4:0 a.m.59 views

CVE-2002-1908

CVE-2002-1908 affects Microsoft IIS 5.0 and 5.1. The vulnerability allows remote attackers to trigger high CPU usage leading to a denial of service by sending an HTTP request whose Host header contains a large number of forward-slash characters. The Red Hat and CVE records corroborate the same im...

5CVSS7AI score0.13678EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.58 views

CVE-2001-0096

CVE-2001-0096 describes a denial-of-service flaw in Microsoft IIS FrontPage Server Extensions (FPSE) on IIS 4.0/5.0, where a remote attacker can crash the server via a malformed web form submission. OpenVAS/Nessus classify this as a remote DoS that renders the service unusable. Public references ...

5CVSS6.6AI score0.20309EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.57 views

CVE-2001-1186

CVE-2001-1186 affects Microsoft IIS 5.0. The issue is a denial of service caused by an HTTP request whose Content-Length is larger than the request body, preventing IIS from timing out the connection. The connected documents confirm the same description across NVD and CVE lists. There are no deta...

5CVSS7AI score0.31353EPSS
CVE
CVE
added 2005/06/21 4:0 a.m.57 views

CVE-2002-1745

CVE-2002-1745 concerns an off-by-one error in the CodeBrws.asp sample script bundled with Microsoft IIS 5.0. The vulnerability allows remote attackers to view source code for files with extensions that contain one extra character after .html, .htm, .asp, or .inc (e.g., .aspx). Root cause is an of...

7.5CVSS7.2AI score0.17663EPSS
CVE
CVE
added 2003/05/30 4:0 a.m.57 views

CVE-2003-0223

Microsoft IIS 4.0/5.0/5.1 is affected by a cross-site scripting (XSS) vulnerability in the ASP redirection function that allows remote attackers to embed script in a redirection URL/message. The issue is identified as CVE-2003-0223 (MS03-018), with a patch referenced as Microsoft security bulleti...

6.8CVSS6AI score0.17322EPSS
CVE
CVE
added 2005/06/21 4:0 a.m.55 views

CVE-2002-1695

CVE-2002-1695 affects Norton Internet Security 2001. The issue stems from the product opening log files with FILE_SHARE_READ and FILE_SHARE_WRITE, which could allow remote attackers to modify log contents while Norton Internet Security is running. The provided documents do not include a remediati...

5CVSS7AI score0.13637EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.53 views

CVE-2000-0631

The CVE-2000-0631 entry concerns an IIS administrative script that was in IIS 3.0 and later included in IIS 4.0 and 5.0. The vulnerability allows remote attackers to cause a denial of service by accessing the script without a specific argument (the Absent Directory Browser Argument). The connecte...

5CVSS7AI score0.24905EPSS
CVE
CVE
added 2003/05/30 4:0 a.m.53 views

CVE-2003-0225

Affected software: Microsoft IIS 4.0 and 5.0. Vulnerable component: ASP Response.AddHeader handling, which fails to cap memory usage when constructing headers. Impact: remote attackers can craft an ASP page to generate a large header, causing memory exhaustion and denial of service. Root cause (p...

5CVSS6.6AI score0.3846EPSS
Total number of security vulnerabilities91