Internet Information Services Security Vulnerabilities and Issues — Internet Information Services CVE List

Lucene search

MicrosoftInternet Information Services

9 matches found

CVE•added 2005/06/21 4:0 a.m.•129 views

CVE-2002-1717

Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via a GET request to (1) /_vti_pvt/access.cnf, (2) /_vti_pvt/botinfs.cnf, (3) /_vti_pvt/bots.cnf, or (4) /_vti_pvt/linkinfo.cnf.

5CVSS6.3AI score0.12941EPSS

CVE•added 2005/06/21 4:0 a.m.•83 views

CVE-2002-1718

Microsoft Internet Information Server (IIS) 5.1 may allow remote attackers to view the contents of a Frontpage Server Extension (FPSE) file, as claimed using an HTTP request for colegal.htm that contains .. (dot dot) sequences.

5CVSS7AI score0.20638EPSS

CVE•added 2005/06/28 4:0 a.m.•61 views

CVE-2002-1790

The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682.

5CVSS6.7AI score0.17784EPSS

CVE•added 2005/06/21 4:0 a.m.•57 views

CVE-2002-1700

Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message.

4.3CVSS6.4AI score0.30367EPSS

CVE•added 2005/06/21 4:0 a.m.•50 views

CVE-2002-1744

Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 allows remote attackers to view source code and determine the existence of arbitrary files via a hex-encoded "%c0%ae%c0%ae" string, which is the Unicode representation for ".." (dot dot).

5CVSS7.2AI score0.70539EPSS

CVE•added 2005/06/21 4:0 a.m.•48 views

CVE-2002-1694

Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running.

5CVSS7AI score0.01667EPSS

CVE•added 2005/06/28 4:0 a.m.•45 views

CVE-2002-1908

Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with a Host header that contains a large number of "/" (forward slash) characters.

5CVSS7AI score0.11785EPSS

CVE•added 2005/06/21 4:0 a.m.•42 views

CVE-2002-1695

Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running.

5CVSS7AI score0.02035EPSS

CVE•added 2005/06/21 4:0 a.m.•41 views

CVE-2002-1745

Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files.

7.5CVSS7.2AI score0.11707EPSS