VYPR

Internet Information Server

by Microsoft

CVEs (154)

  • CVE-2002-1181 (Nov 12, 2002)
    risk 0.03 | cvss | epss 0.39

    Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or…

  • CVE-2002-0071 (Apr 22, 2002)
    risk 0.03 | cvss | epss 0.34

    Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.

  • CVE-2002-0075 (Apr 22, 2002)
    risk 0.03 | cvss | epss 0.34

    Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect ("302 Object Moved") message.

  • CVE-2002-0074 (Apr 22, 2002)
    risk 0.03 | cvss | epss 0.34

    Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session.

  • CVE-2001-0709 (Sep 20, 2001)
    risk 0.03 | cvss | epss 0.36

    Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode.

  • CVE-2001-0146 (Jun 2, 2001)
    risk 0.03 | cvss | epss 0.37

    IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URLs.

  • CVE-2000-0167 (Feb 15, 2000)
    risk 0.03 | cvss | epss 0.03

    IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory.

  • CVE-2000-0025 (Dec 21, 1999)
    risk 0.03 | cvss | epss 0.35

    IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability.

  • CVE-2011-5279 (Apr 23, 2014)
    risk 0.02 | cvss | epss 0.19

    CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header.

  • CVE-2010-1256 (Jun 8, 2010)
    risk 0.02 | cvss | epss 0.28

    Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS…

  • CVE-2007-0087 (Jan 5, 2007)
    risk 0.02 | cvss | epss 0.23

    Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the…

  • CVE-2005-2089 (Jul 5, 2005)
    risk 0.02 | cvss | epss 0.31

    Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle…

  • CVE-2002-0869 (Nov 12, 2002)
    risk 0.02 | cvss | epss 0.24

    Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege…

  • CVE-2002-0364 (Jul 3, 2002)
    risk 0.02 | cvss | epss 0.31

    Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."

  • CVE-2002-0224 (May 16, 2002)
    risk 0.02 | cvss | epss 0.22

    The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.

  • CVE-2001-0508 (Sep 20, 2001)
    risk 0.02 | cvss | epss 0.27

    Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request.

  • CVE-2001-0335 (Jun 27, 2001)
    risk 0.02 | cvss | epss 0.21

    FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters.

  • CVE-2001-0096 (Feb 12, 2001)
    risk 0.02 | cvss | epss 0.20

    FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability.

  • CVE-2001-0004 (Feb 12, 2001)
    risk 0.02 | cvss | epss 0.28

    IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability.

  • CVE-2000-0858 (Nov 14, 2000)
    risk 0.02 | cvss | epss 0.19

    Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability.
