91 matches found
CVE-2000-0746
The CVE-2000-0746 entry concerns a Microsoft IIS XSS vulnerability affecting IIS 4.0 and 5.0. The issue arises from improper handling of unquoted script content in links returned within error messages, allowing a malicious site to craft a link that executes scripts in the context of a trusted sit...
CVE-2002-0079
The CVE-2002-0079 issue is a heap/buffer overflow in the ASP ISAPI filter of Microsoft IIS (4.0/5.0) triggered by chunked-encoded POST data in ASP pages. Public writeups (SAINT) describe remote exploitation causing crashes in dllhost.exe or arbitrary code execution on IIS 5.0, with a patch refere...
CVE-2001-0902
Microsoft IIS 5.0 is affected. The vulnerability allows remote attackers to spoof web log entries by sending HTTP requests containing hex-encoded newline or form-feed characters, enabling log pollution/improper logging. CVE-2001-0902 details indicate impact to log integrity (partial) and potentia...
CVE-2003-0226
CVE-2003-0226 : Microsoft IIS 5.0 and 5.1 are affected by a WebDAV-based denial-of-service when processing excessively long PROPFIND or SEARCH requests, leading to an error condition that IIS does not handle properly. The OpenVAS/NESSUS inputs reference MS03-018 (Cumulative Patch for IIS) as the ...
CVE-1999-0154
The vulnerability affects IIS versions 2.0–3.0, where a request ending with a period (dot) can cause the server to reveal ASP page source to an attacker. This is a remote read of source code resulting from the URL handling behavior in IIS 2.0/3.0. Practical impact: exposure of ASP source. The PT-...
CVE-2002-1790
CVE-2002-1790 affects the SMTP service in Microsoft IIS 4.0/5.0, where the root cause is bypassing anti-relaying rules by using encapsulated SMTP addresses, enabling remote attackers to send spam or spoofed messages. This CVE is linked to the prior CVE-1999-0682 remediation lineage. The connected...
CVE-1999-0412
CVE-1999-0412 affects IIS and other web servers where the server runs as SYSTEM and loads an ISAPI extension. The underlying issue allows an attacker to execute commands with SYSTEM privileges via the ISAPI extension, enabling high-privilege access on the affected server. Connected documents corr...
CVE-2002-0071
CVE-2002-0071: Buffer overflow in the ism.dll ISAPI extension (HTR) of Microsoft IIS 4.0/5.0 allows DoS or arbitrary code execution via crafted HTR requests with long variable names. The vulnerability affects IIS 4.0, 5.0 (and 5.1 per advisories) and is addressed by Microsoft Security Bulletin MS...
CVE-2002-0224
MSDTC DoS (CVE-2002-0224) affects Microsoft Windows 2000, IIS 5.x, and SQL Server up to 2000. A DoS can be triggered by sending malformed input to the MSDTC service, potentially causing crashes or hangs. OpenVAS/Nessus refer to MS02-018 as the patch that mitigates related issues; applying that pa...
CVE-2002-0869
CVE-2002-0869 refers to an unknown vulnerability in the IIS hosting process (dllhost.exe) affecting IIS 4.0–5.1 that enables remote attackers to gain LocalSystem privileges by executing an out-of-process application. Connected sources document related patches: OpenVAS/NASL entries reference MS02-...
CVE-2003-1566
CVE-2003-1566 concerns Microsoft Internet Information Services (IIS) 5.0 where requests using the TRACK method are not logged. The underlying issue is the logging gap for the TRACK method, which can allow remote attackers to access sensitive information without detection. The provided documents s...
CVE-2000-0457
Summary: CVE-2000-0457 affects Microsoft IIS 4.0/5.0 via ISM.DLL, enabling remote disclosure of file contents by requesting a file and appending spaces and ".HTR" (the File Fragment Reading vulnerability). Affected component: ISM.DLL in IIS 4.0/5.0 handling .HTR requests. Impact: partial confiden...
CVE-2001-0507
CVE-2001-0507 describes a privilege-elevation flaw in IIS 5.0 where local users can gain privileges by abusing relative path resolution to system files used to run in-process Trojan horse files. OpenVAS/NVD entries corroborate an IIS remote/content-exploitation lineage around early MS01-044 era; ...
CVE-2002-0074
CVE-2002-0074 describes a cross-site scripting vulnerability in the IIS Help Files search facility affecting Microsoft IIS 4.0, 5.0 and 5.1. The issue allows remote attackers to embed scripts into another user’s session through crafted input, as detailed in CERT/CC and various vulnerability advis...
CVE-1999-0233
IIS 1.0 is reported to allow users to execute arbitrary commands via .bat or .cmd files. The cited sources do not provide concrete technical details beyond this description (no specific root cause, affected versions beyond IIS 1.0, or remediation steps). Exploitation status and in‑the‑wild use ar...
CVE-2002-0072
CVE-2002-0072 describes a denial-of-service in Microsoft IIS 4.0/5.0/5.1 caused by the w3svc.dll FP2002/ISAPI filter when handling an overly long URL. The error handling rewrites a URL to a null value and then dereferences it, crashing Inetinfo.exe. Affected components: FP2002 Front Page Server E...
CVE-2002-0073
Summary of CVE-2002-0073 : The FTP service in Microsoft IIS 4.0, 5.0, and 5.1 is vulnerable to a denial-of-service when a currently authenticated or session-hosted FTP user issues a specially crafted status request containing glob characters. The vulnerability may cause the IIS server to crash an...
CVE-2002-0147
CVE-2002-0147 describes a heap-based buffer overflow in IIS's ASP data transfer/chunked encoding, affecting IIS 4.0, 5.0 and 5.1. An attacker could cause a denial of service or execute arbitrary code on the server, with privileges depending on the affected ISAPI/ASP context (IWAM_computername or ...
CVE-2001-0508
CVE-2001-0508 relates to Microsoft IIS 5.0 WebDAV processing. A very long, invalid WebDAV request can trigger a memory access error, causing the IIS 5.0 process to terminate and restart (DoS). The issue is addressed by the MS01-044 patch from Microsoft. Affected platform noted in sources is IIS 5...
CVE-2001-0544
CVE-2001-0544 affects IIS 5.0. A crafted invalid MIME Content-Type header can cause a denial of service by corrupting the File Type table. Local user access, no authentication required, partial availability impact. Connected docs mention related MS01-044 references; no patch/fix details are provi...
CVE-2001-1243
CVE-2001-1243 affects Microsoft IIS 4.0/5.0 with asp.dll Scripting.FileSystemObject. The vulnerability allows local or remote attackers to cause a denial of service (crash) by: (1) crafting an ASP program using Scripting.FileSystemObject to open a file using an MS-DOS device name, or (2) injectin...
CVE-2002-0150
CVE-2002-0150 refers to a buffer overflow in Microsoft IIS 4.0/5.0/5.1 that can be triggered by inaccurate checking of HTTP header delimiters, potentially allowing an attacker to crash the server or execute arbitrary code. The vulnerability is part of a set of issues addressed by Microsoft Securi...
CVE-2002-1182
CVE-2002-1182 affects Microsoft IIS 5.0 and 5.1. A remote attacker can trigger a denial of service by sending malformed WebDAV requests that cause IIS to allocate an unusually large amount of memory, potentially crashing the server. The vulnerability is characterized as a memory allocation issue ...
CVE-2000-0258
CVE-2000-0258 affects IIS 4.0 and 5.0. The provided documents describe a remote denial-of-service vulnerability triggered by sending many URLs containing a large number of escaped characters, referred to as the "Myriad Escaped Characters" vulnerability. The NVD entry provides CVSS scores (2.0: 5....
CVE-2000-0770
CVE-2000-0770 affects Microsoft IIS 4.0 and 5.0, where file permission canonicalization allows remote attackers to bypass access restrictions on certain files when parent folders have permissive permissions. The connected documents corroborate the issue as the “File Permission Canonicalization” v...
CVE-2002-1744
The connected CVE records confirm a directory traversal in CodeBrws.asp for Microsoft IIS 5.0. The vulnerable component is CodeBrws.asp (IIS 5.0), with the underlying issue caused by a hex-encoded "+%c0%ae%c0%ae+" sequence representing ".." that allows remote attackers to view source code and det...
CVE-2000-0951
The CVE-2000-0951 issue affects Microsoft IIS (likely IIS 5.0) where Index Server is enabled and the Index property misconfigured, allowing remote users to list web root directories via a WebDAV search. This results in information disclosure about remote directories and HTML files, increasing an ...
CVE-2002-1694
The CVE refers to Microsoft Internet Information Server (IIS) 4.0 where log files are opened with FILE_SHARE_READ and FILE_SHARE_WRITE permissions. This shared access could allow remote attackers to modify log file contents while IIS is running, representing a potential integrity impact on logs. ...
CVE-1999-0281
CVE-1999-0281 describes a denial-of-service issue in Microsoft IIS triggered by long URLs. Connected documents identify IIS as the affected product and reiterate the DoS impact but do not provide concrete technical details such as vulnerable components, root cause, affected versions, or a fix. A ...
CVE-2000-0304
Summary: CVE-2000-0304 affects Microsoft IIS 4.0 and 5.0 when the IISADMPWD virtual directory is installed. A malformed request to inetinfo.exe (the undelimited .HTR request) can cause a remote denial of service. What is affected: IIS 4.0 and, to a lesser extent, IIS 5.0; presence of IISADMPWD is...
CVE-2000-0778
CVE-2000-0778 affects Microsoft IIS (IIS 5.0/5.1). Vulnerability arises from an information-disclosure flaw where an HTTP Translate: f header allows remote attackers to obtain ASP/ASA source code. Affected products include Windows IIS; root cause is improper handling of the Translate header leadi...
CVE-2001-0004
This CVE concerns IIS 4.0/5.0 where an attacker can cause the server to disclose file contents by sending a crafted GET request that appends %3F+.htr, causing the target file to be parsed as an .HTR ISAPI extension. Impact: unauthenticated remote disclosure of potentially sensitive files within t...
CVE-2000-0630
Summary: IIS 4.0 and 5.0 can disclose fragments of source code by requesting a known file with a appended +.htr, via the ISAPI-based .HTR handling in IIS. What’s affected: Microsoft Internet Information Services (IIS) 4.0/5.0, specifically the mechanism that processes .HTR ISAPI scripts (ISM.DLL)...
CVE-2002-1908
CVE-2002-1908 affects Microsoft IIS 5.0 and 5.1. The vulnerability allows remote attackers to trigger high CPU usage leading to a denial of service by sending an HTTP request whose Host header contains a large number of forward-slash characters. The Red Hat and CVE records corroborate the same im...
CVE-2001-0096
CVE-2001-0096 describes a denial-of-service flaw in Microsoft IIS FrontPage Server Extensions (FPSE) on IIS 4.0/5.0, where a remote attacker can crash the server via a malformed web form submission. OpenVAS/Nessus classify this as a remote DoS that renders the service unusable. Public references ...
CVE-2001-1186
CVE-2001-1186 affects Microsoft IIS 5.0. The issue is a denial of service caused by an HTTP request whose Content-Length is larger than the request body, preventing IIS from timing out the connection. The connected documents confirm the same description across NVD and CVE lists. There are no deta...
CVE-2002-1745
CVE-2002-1745 concerns an off-by-one error in the CodeBrws.asp sample script bundled with Microsoft IIS 5.0. The vulnerability allows remote attackers to view source code for files with extensions that contain one extra character after .html, .htm, .asp, or .inc (e.g., .aspx). Root cause is an of...
CVE-2003-0223
Microsoft IIS 4.0/5.0/5.1 is affected by a cross-site scripting (XSS) vulnerability in the ASP redirection function that allows remote attackers to embed script in a redirection URL/message. The issue is identified as CVE-2003-0223 (MS03-018), with a patch referenced as Microsoft security bulleti...
CVE-2002-1695
CVE-2002-1695 affects Norton Internet Security 2001. The issue stems from the product opening log files with FILE_SHARE_READ and FILE_SHARE_WRITE, which could allow remote attackers to modify log contents while Norton Internet Security is running. The provided documents do not include a remediati...
CVE-2000-0631
The CVE-2000-0631 entry concerns an IIS administrative script that was in IIS 3.0 and later included in IIS 4.0 and 5.0. The vulnerability allows remote attackers to cause a denial of service by accessing the script without a specific argument (the Absent Directory Browser Argument). The connecte...
CVE-2003-0225
Affected software: Microsoft IIS 4.0 and 5.0. Vulnerable component: ASP Response.AddHeader handling, which fails to cap memory usage when constructing headers. Impact: remote attackers can craft an ASP page to generate a large header, causing memory exhaustion and denial of service. Root cause (p...