Internet Information Services Security Vulnerabilities and Issues — Internet Information Services CVE List

Lucene search

MicrosoftInternet Information Services

7 matches found

CVE•added 2009/09/04 10:30 a.m.•421 views

CVE-2009-2521

Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot do...

5CVSS6.1AI score0.60775EPSS

CVE•added 2009/12/29 9:0 p.m.•379 views

CVE-2009-4445

Microsoft Internet Information Services (IIS), when used in conjunction with unspecified third-party upload applications, allows remote attackers to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : (colon) and a safe extension, as demonstra...

6CVSS6.8AI score0.10061EPSS

CVE•added 2009/06/10 2:30 p.m.•377 views

CVE-2009-1535

The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by insertin...

7.5CVSS6.7AI score0.92339EPSS

CVE•added 2009/01/15 12:30 a.m.•336 views

CVE-2003-1567

The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by usi...

5.8CVSS6.1AI score0.79926EPSS

CVE•added 2009/12/29 9:0 p.m.•310 views

CVE-2009-4444

Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a ; (semicolon) character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a (1) .asp, ...

6CVSS6.6AI score0.58584EPSS

CVE•added 2009/06/10 6:30 p.m.•177 views

CVE-2009-1122

The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability...

7.5CVSS6.4AI score0.92339EPSS

CVE•added 2009/01/15 12:30 a.m.•53 views

CVE-2003-1566

Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection.

5CVSS6.3AI score0.09301EPSS