Internet Information Server
by Microsoft
CVEs (154)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-1999-0867 | | | 0.05 | — | 0.22 | | Aug 11, 1999 | Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers. |
| CVE-1999-1375 | | | 0.05 | — | 0.31 | | Feb 11, 1999 | FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter. |
| CVE-1999-1538 | | | 0.05 | — | 0.25 | | Jan 14, 1999 | When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password. |
| CVE-1999-0448 | | | 0.05 | — | 0.24 | | Jan 1, 1999 | IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request. |
| CVE-2008-1446 | | | 0.04 | — | 0.46 | | Oct 15, 2008 | Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via… |
| CVE-2002-0150 | | | 0.04 | — | 0.49 | | Apr 22, 2002 | Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values. |
| CVE-2001-0507 | | | 0.04 | — | 0.09 | | Sep 20, 2001 | IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability. |
| CVE-2001-0336 | | | 0.04 | — | 0.16 | | Jun 27, 2001 | The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request. |
| CVE-2000-1147 | | | 0.04 | — | 0.08 | | Jan 9, 2001 | Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers to execute arbitrary commands via a long string to the "LANGUAGE" argument in a script tag. |
| CVE-2000-0970 | | | 0.04 | — | 0.46 | | Dec 19, 2000 | IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability. |
| CVE-2000-0114 | | | 0.04 | — | 0.48 | | Feb 2, 2000 | Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory. |
| CVE-1999-0412 | | | 0.04 | — | 0.10 | | Feb 19, 1999 | In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. |
| CVE-1999-0449 | | | 0.04 | — | 0.50 | | Jan 26, 1999 | The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts. |
| CVE-1999-0450 | | | 0.04 | — | 0.19 | | Jan 26, 1999 | In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe). |
| CVE-1999-0281 | | | 0.04 | — | 0.13 | | Jun 1, 1997 | Denial of service in IIS using long URLs. |
| CVE-1999-0233 | | | 0.04 | — | 0.16 | | Feb 25, 1996 | IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files. |
| CVE-2010-2730 | | | 0.03 | — | 0.33 | | Sep 15, 2010 | Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability." |
| CVE-2005-2678 | | | 0.03 | — | 0.42 | | Aug 23, 2005 | Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost. |
| CVE-2003-0225 | | | 0.03 | — | 0.38 | | Jun 9, 2003 | The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page. |
| CVE-2002-1182 | | | 0.03 | — | 0.36 | | Nov 12, 2002 | IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned. |