VYPR

Internet Information Server

by Microsoft

CVEs (154)

  • CVE-1999-1544 | Jan 24, 1999
    risk 0.01 | cvss | epss 0.14

    Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command.

  • CVE-1999-0007 | Jun 26, 1998
    risk 0.01 | cvss | epss 0.08

    Information from SSL-encrypted sessions via PKCS #1.

  • CVE-1999-0253 | Jan 1, 1997
    risk 0.01 | cvss | epss 0.08

    IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL.

  • CVE-2025-53805 | Sep 9, 2025
    risk 0.00 | cvss | epss 0.01

    Out-of-bounds read in Windows Internet Information Services allows an unauthorized attacker to deny service over a network.

  • CVE-2012-2531 | Nov 14, 2012
    risk 0.00 | cvss | epss 0.01

    Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability."

  • CVE-2008-0074 | Feb 12, 2008
    risk 0.00 | cvss | epss 0.05

    Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the FTPRoot, NNTPFile\Root, or WWWRoot folders.

  • CVE-2006-6579 | Dec 15, 2006
    risk 0.00 | cvss | epss 0.01

    Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read…

  • CVE-2004-0205 | Aug 6, 2004
    risk 0.00 | cvss | epss 0.24

    Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function.

  • CVE-2001-0544 | Oct 30, 2001
    risk 0.00 | cvss | epss 0.02

    IIS 5.0 allows local users to cause a denial of service (hang) by installing content that produces a certain invalid MIME Content-Type header, which corrupts the File Type table.

  • CVE-2001-0337 | Jun 27, 2001
    risk 0.00 | cvss | epss 0.05

    The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier introduce a memory leak which allows attackers to cause a denial of service via a series of requests.

  • CVE-1999-1233 | Dec 31, 1999
    risk 0.00 | cvss | epss 0.05

    IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability.

  • CVE-1999-0861 | Aug 11, 1999
    risk 0.00 | cvss | epss 0.03

    Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.

  • CVE-1999-0229 | May 12, 1999
    risk 0.00 | cvss | epss 0.06

    Denial of service in Windows NT IIS server using ..\..

  • CVE-1999-0407 | Feb 9, 1999
    risk 0.00 | cvss | epss 0.05

    By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.
