VYPR

Internet Information Server

by Microsoft

CVEs (154)

  • CVE-2000-0631 | Jul 14, 2000
    risk 0.02 | cvss | epss 0.25

    An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote attackers to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability.

  • CVE-2000-0304 | May 10, 2000
    risk 0.02 | cvss | epss 0.29

    Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability.

  • CVE-2000-0071 | Jan 11, 2000
    risk 0.02 | cvss | epss 0.28

    IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.

  • CVE-1999-0738 | May 7, 1999
    risk 0.02 | cvss | epss 0.29

    The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.

  • CVE-1999-0737 | May 7, 1999
    risk 0.02 | cvss | epss 0.28

    The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.

  • CVE-1999-0739 | May 7, 1999
    risk 0.02 | cvss | epss 0.29

    The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.

  • CVE-1999-1376 | Jan 14, 1999
    risk 0.02 | cvss | epss 0.24

    Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands.

  • CVE-2014-4078 | Nov 11, 2014
    risk 0.01 | cvss | epss 0.18

    The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the "IP Address and Domain Restrictions" list, which makes it easier for remote attackers to bypass an intended rule…

  • CVE-2003-1582 | Feb 5, 2010
    risk 0.01 | cvss | epss 0.10

    Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences,…

  • CVE-2009-4445 | Dec 29, 2009
    risk 0.01 | cvss | epss 0.13

    Microsoft Internet Information Services (IIS), when used in conjunction with unspecified third-party upload applications, allows remote attackers to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : (colon) and a safe…

  • CVE-2008-4301 | Sep 29, 2008
    risk 0.01 | cvss | epss 0.17

    A certain ActiveX control in iisext.dll in Microsoft Internet Information Services (IIS) allows remote attackers to set a password via a string argument to the SetPassword method. NOTE: this issue could not be reproduced by a reliable third party. In addition, the original…

  • CVE-2008-4300 | Sep 29, 2008
    risk 0.01 | cvss | epss 0.14

    A certain ActiveX control in adsiis.dll in Microsoft Internet Information Services (IIS) allows remote attackers to cause a denial of service (browser crash) via a long string in the second argument to the GetObject method. NOTE: this issue was disclosed by an unreliable…

  • CVE-2006-6578 | Dec 15, 2006
    risk 0.01 | cvss | epss 0.07

    Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Machine account to execute non-EXE files such as .COM files, which allows attackers to execute arbitrary commands via arguments to any .COM file that executes those arguments, as demonstrated using win.com when…

  • CVE-2003-0224 | Jun 9, 2003
    risk 0.01 | cvss | epss 0.18

    Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun."

  • CVE-2003-0223 | Jun 9, 2003
    risk 0.01 | cvss | epss 0.17

    Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message.

  • CVE-2002-1695 | Dec 31, 2002
    risk 0.01 | cvss | epss 0.14

    Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running.

  • CVE-2002-1694 | Dec 31, 2002
    risk 0.01 | cvss | epss 0.13

    Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running.

  • CVE-2002-1718 | Dec 31, 2002
    risk 0.01 | cvss | epss 0.14

    Microsoft Internet Information Server (IIS) 5.1 may allow remote attackers to view the contents of a FrontPage Server Extension (FPSE) file, as claimed using an HTTP request for colegal.htm that contains .. (dot dot) sequences.

  • CVE-2002-1717 | Dec 31, 2002
    risk 0.01 | cvss | epss 0.16

    Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via a GET request to (1) /_vti_pvt/access.cnf, (2) /_vti_pvt/botinfs.cnf, (3) /_vti_pvt/bots.cnf, or (4) /_vti_pvt/linkinfo.cnf.

  • CVE-2002-1908 | Dec 31, 2002
    risk 0.01 | cvss | epss 0.14

    Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with a Host header that contains a large number of "/" (forward slash) characters.
