VYPR

Internet Information Server

by Microsoft

CVEs (154)

  • CVE-2002-1180 (Nov 12, 2002)
    risk 0.01 | cvss | epss 0.09

    A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."

  • CVE-2001-0902 (Nov 20, 2001)
    risk 0.01 | cvss | epss 0.17

    Microsoft IIS 5.0 allows remote attackers to spoof web log entries via an HTTP request that includes hex-encoded newline or form-feed characters.

  • CVE-2001-0545 (Oct 30, 2001)
    risk 0.01 | cvss | epss 0.18

    IIS 4.0 with URL redirection enabled allows remote attackers to cause a denial of service (crash) via a malformed request that specifies a length that is different than the actual length.

  • CVE-2000-1090 (Feb 12, 2001)
    risk 0.01 | cvss | epss 0.17

    Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character.

  • CVE-2000-1104 (Jan 9, 2001)
    risk 0.01 | cvss | epss 0.07

    Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The…

  • CVE-2000-0746 (Oct 20, 2000)
    risk 0.01 | cvss | epss 0.09

    Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client…

  • CVE-2000-0770 (Oct 20, 2000)
    risk 0.01 | cvss | epss 0.15

    IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the "File Permission Canonicalization" vulnerability.

  • CVE-2000-0226 (Mar 20, 2000)
    risk 0.01 | cvss | epss 0.07

    IIS 4.0 allows attackers to cause a denial of service by requesting a large buffer in a POST or PUT command which consumes memory, aka the "Chunked Transfer Encoding Buffer Overflow Vulnerability."

  • CVE-2000-0115 (Jan 21, 2000)
    risk 0.01 | cvss | epss 0.10

    IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page.

  • CVE-1999-1451 (Dec 31, 1999)
    risk 0.01 | cvss | epss 0.18

    The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files.

  • CVE-1999-1148 (Dec 31, 1999)
    risk 0.01 | cvss | epss 0.17

    FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time.

  • CVE-1999-1035 (Dec 31, 1999)
    risk 0.01 | cvss | epss 0.17

    IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability.

  • CVE-1999-1591 (Dec 31, 1999)
    risk 0.01 | cvss | epss 0.11

    Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via…

  • CVE-1999-1223 (Dec 31, 1999)
    risk 0.01 | cvss | epss 0.23

    IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters.

  • CVE-2000-0024 (Dec 21, 1999)
    risk 0.01 | cvss | epss 0.12

    IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.

  • CVE-1999-0777 (Sep 23, 1999)
    risk 0.01 | cvss | epss 0.12

    IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions.

  • CVE-1999-1537 (Jul 7, 1999)
    risk 0.01 | cvss | epss 0.09

    IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform…

  • CVE-1999-1478 (Jul 6, 1999)
    risk 0.01 | cvss | epss 0.18

    The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character.

  • CVE-1999-0349 (Jan 27, 1999)
    risk 0.01 | cvss | epss 0.18

    A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands.

  • CVE-1999-0348 (Jan 27, 1999)
    risk 0.01 | cvss | epss 0.11

    IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory.
