Internet Information Services
by Microsoft
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2003-1567 | Hig | 0.51 | 7.5 | 0.25 | Jan 15, 2009 | The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly… | ||
| CVE-2003-1566 | 0.05 | — | 0.28 | Jan 15, 2009 | Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection. | |||
| CVE-2008-0075 | 0.05 | — | 0.57 | Feb 12, 2008 | Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages. | |||
| CVE-2008-1446 | 0.04 | — | 0.46 | Oct 15, 2008 | Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via… | |||
| CVE-2003-1582 | 0.01 | — | 0.10 | Feb 5, 2010 | Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences,… | |||
| CVE-2008-4301 | 0.01 | — | 0.17 | Sep 29, 2008 | A certain ActiveX control in iisext.dll in Microsoft Internet Information Services (IIS) allows remote attackers to set a password via a string argument to the SetPassword method. NOTE: this issue could not be reproduced by a reliable third party. In addition, the original… | |||
| CVE-2008-4300 | 0.01 | — | 0.14 | Sep 29, 2008 | A certain ActiveX control in adsiis.dll in Microsoft Internet Information Services (IIS) allows remote attackers to cause a denial of service (browser crash) via a long string in the second argument to the GetObject method. NOTE: this issue was disclosed by an unreliable… | |||
| CVE-2008-0074 | 0.00 | — | 0.05 | Feb 12, 2008 | Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders. |
- risk 0.51cvss 7.5epss 0.25
The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly…
- CVE-2003-1566Jan 15, 2009risk 0.05cvss —epss 0.28
Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection.
- CVE-2008-0075Feb 12, 2008risk 0.05cvss —epss 0.57
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.
- CVE-2008-1446Oct 15, 2008risk 0.04cvss —epss 0.46
Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via…
- CVE-2003-1582Feb 5, 2010risk 0.01cvss —epss 0.10
Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences,…
- CVE-2008-4301Sep 29, 2008risk 0.01cvss —epss 0.17
A certain ActiveX control in iisext.dll in Microsoft Internet Information Services (IIS) allows remote attackers to set a password via a string argument to the SetPassword method. NOTE: this issue could not be reproduced by a reliable third party. In addition, the original…
- CVE-2008-4300Sep 29, 2008risk 0.01cvss —epss 0.14
A certain ActiveX control in adsiis.dll in Microsoft Internet Information Services (IIS) allows remote attackers to cause a denial of service (browser crash) via a long string in the second argument to the GetObject method. NOTE: this issue was disclosed by an unreliable…
- CVE-2008-0074Feb 12, 2008risk 0.00cvss —epss 0.05
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.