VYPR

Internet Information Server

by Microsoft

CVEs (154)

  • CVE-2002-0079 (Apr 22, 2002)
    risk 0.09 cvss epss 0.77

    Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.

  • CVE-2001-0506 (Sep 20, 2001)
    risk 0.09 cvss epss 0.69

    Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability.

  • CVE-2000-0884 (Dec 19, 2000)
    risk 0.09 cvss epss 0.73

    IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.

  • CVE-2000-0649 (Jul 13, 2000)
    risk 0.09 cvss epss 0.77

    IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.

  • CVE-2000-0246 (Mar 30, 2000)
    risk 0.09 cvss epss 0.80

    IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.

  • CVE-1999-1011 (Jul 19, 1999)
    risk 0.09 cvss epss 0.77

    The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.

  • CVE-1999-0874 (Jun 16, 1999)
    risk 0.09 cvss epss 0.78

    Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.

  • CVE-2010-1899 (Sep 15, 2010)
    risk 0.08 cvss epss 0.57

    Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request…

  • CVE-2002-1744 (Dec 31, 2002)
    risk 0.08 cvss epss 0.64

    Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 allows remote attackers to view source code and determine the existence of arbitrary files via a hex-encoded "%c0%ae%c0%ae" string, which is the Unicode representation for ".." (dot dot).

  • CVE-2002-0148 (Apr 22, 2002)
    risk 0.08 cvss epss 0.64

    Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.

  • CVE-2001-1243 (Jul 4, 2001)
    risk 0.08 cvss epss 0.63

    Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the…

  • CVE-2001-0151 (Jun 2, 2001)
    risk 0.08 cvss epss 0.68

    IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests.

  • CVE-2000-0886 (Dec 19, 2000)
    risk 0.08 cvss epss 0.69

    IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.

  • CVE-2000-0630 (Jul 17, 2000)
    risk 0.08 cvss epss 0.68

    IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability.

  • CVE-2000-0408 (May 11, 2000)
    risk 0.08 cvss epss 0.58

    IIS 4.05 and 5.0 allow remote attackers to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulnerability.

  • CVE-1999-0278 (Jun 1, 1998)
    risk 0.08 cvss epss 0.65

    In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.

  • CVE-2002-0422 (Aug 12, 2002)
    risk 0.07 cvss epss 0.44

    IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response,…

  • CVE-2000-0951 (Dec 19, 2000)
    risk 0.07 cvss epss 0.44

    A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search.

  • CVE-2000-0457 (May 11, 2000)
    risk 0.07 cvss epss 0.53

    ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability.

  • CVE-2000-0413 (May 6, 2000)
    risk 0.07 cvss epss 0.44

    The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.

Page 2 of 8