VYPR

Internet Information Server

by Microsoft

CVEs (154)

  • CVE-2017-7269 | Critical | KEV | Mar 27, 2017
    risk 0.80 | cvss 9.8 | epss 1.00

    Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as…

  • CVE-2016-0152 | High | May 11, 2016
    risk 0.51 | cvss 7.8 | epss 0.04

    Internet Information Services (IIS) in Microsoft Windows Vista SP2 and Server 2008 SP2 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows DLL Loading Remote Code Execution Vulnerability."

  • CVE-2003-1567 | High | Jan 15, 2009
    risk 0.51 | cvss 7.5 | epss 0.25

    The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly…

  • CVE-2002-1745 | High | Dec 31, 2002
    risk 0.50 | cvss 7.5 | epss 0.18

    Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing one additional character after .html, .htm, .asp, or .inc, such as .aspx files.

  • CVE-2001-0334 | High | Jun 27, 2001
    risk 0.50 | cvss 7.5 | epss 0.15

    FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded.

  • CVE-2000-0258 | High | Apr 12, 2000
    risk 0.50 | cvss 7.5 | epss 0.20

    IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.

  • CVE-1999-0012 | High | Feb 6, 1998
    risk 0.47 | cvss 7.0 | epss 0.18

    Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.

  • CVE-2017-0055 | Medium | Mar 17, 2017
    risk 0.41 | cvss 6.1 | epss 0.16

    Microsoft Internet Information Server (IIS) in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to perform cross-site…

  • CVE-2010-3972 | Dec 23, 2010
    risk 0.11 | cvss - | epss 0.95

    Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash)…

  • CVE-2009-1122 | Jun 10, 2009
    risk 0.11 | cvss - | epss 0.98

    The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication…

  • CVE-2009-1535 | Jun 10, 2009
    risk 0.11 | cvss - | epss 0.98

    The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as…

  • CVE-2001-0500 | Jul 21, 2001
    risk 0.11 | cvss - | epss 0.97

    Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as…

  • CVE-2009-2521 | Sep 4, 2009
    risk 0.10 | cvss - | epss 0.82

    Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory,…

  • CVE-2009-3023 | Aug 31, 2009
    risk 0.10 | cvss - | epss 0.91

    Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and…

  • CVE-2006-0026 | Jul 11, 2006
    risk 0.10 | cvss - | epss 0.89

    Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).

  • CVE-2005-4360 | Dec 20, 2005
    risk 0.10 | cvss - | epss 0.87

    The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value…

  • CVE-2003-0718 | Nov 3, 2004
    risk 0.10 | cvss - | epss 0.88

    The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of…

  • CVE-2001-0333 | Jun 27, 2001
    risk 0.10 | cvss - | epss 0.91

    Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.

  • CVE-2000-0778 | Oct 20, 2000
    risk 0.10 | cvss - | epss 0.87

    IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability.

  • CVE-2007-2815 | May 22, 2007
    risk 0.09 | cvss - | epss 0.73

    The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the…
