VYPR

Internet Information Services

by Microsoft

CVEs (8)

  • CVE-2003-1567HigJan 15, 2009
    risk 0.51cvss 7.5epss 0.25

    The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly…

  • CVE-2003-1566Jan 15, 2009
    risk 0.05cvss epss 0.28

    Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection.

  • CVE-2008-0075Feb 12, 2008
    risk 0.05cvss epss 0.57

    Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.

  • CVE-2008-1446Oct 15, 2008
    risk 0.04cvss epss 0.46

    Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via…

  • CVE-2003-1582Feb 5, 2010
    risk 0.01cvss epss 0.10

    Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences,…

  • CVE-2008-4301Sep 29, 2008
    risk 0.01cvss epss 0.17

    A certain ActiveX control in iisext.dll in Microsoft Internet Information Services (IIS) allows remote attackers to set a password via a string argument to the SetPassword method. NOTE: this issue could not be reproduced by a reliable third party. In addition, the original…

  • CVE-2008-4300Sep 29, 2008
    risk 0.01cvss epss 0.14

    A certain ActiveX control in adsiis.dll in Microsoft Internet Information Services (IIS) allows remote attackers to cause a denial of service (browser crash) via a long string in the second argument to the GetObject method. NOTE: this issue was disclosed by an unreliable…

  • CVE-2008-0074Feb 12, 2008
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.