Lucene search

K
MicrosoftInternet Information Services6.0

4 matches found

CVE
CVE
added 2017/03/27 2:59 a.m.1602 views

CVE-2017-7269

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the w...

10CVSS8.9AI score0.94358EPSS
CVE
CVE
added 2009/06/10 2:30 p.m.377 views

CVE-2009-1535

The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by insertin...

7.5CVSS6.7AI score0.92339EPSS
CVE
CVE
added 2009/12/29 9:0 p.m.310 views

CVE-2009-4444

Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a ; (semicolon) character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a (1) .asp, ...

6CVSS6.6AI score0.58584EPSS
CVE
CVE
added 2005/07/05 4:0 a.m.150 views

CVE-2005-2089

Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body...

4.3CVSS6.3AI score0.54337EPSS