Internet Information Services Security Vulnerabilities and Issues — Internet Information Services CVE List

Lucene search

MicrosoftInternet Information Services

5 matches found

CVE•added 2004/11/03 5:0 a.m.•88 views

CVE-2003-0718

The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.

5CVSS6.7AI score0.45479EPSS

CVE•added 2004/09/01 4:0 a.m.•66 views

CVE-2002-1180

A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."

7.5CVSS6.5AI score0.01396EPSS

CVE•added 2004/09/01 4:0 a.m.•59 views

CVE-2001-0902

Microsoft IIS 5.0 allows remote attackers to spoof web log entries via an HTTP request that includes hex-encoded newline or form-feed characters.

7.5CVSS7AI score0.17979EPSS

CVE•added 2004/09/01 4:0 a.m.•53 views

CVE-2002-1182

IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned.

5CVSS6.6AI score0.25424EPSS

CVE•added 2004/09/01 4:0 a.m.•46 views

CVE-2001-1186

Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection.

5CVSS7AI score0.32409EPSS