IIS
by Microsoft
CVEs (29)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2001-0334 | Hig | 0.51 | 7.5 | 0.31 | Jun 27, 2001 | FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded. | ||
| CVE-2000-0258 | Hig | 0.50 | 7.5 | 0.20 | Apr 12, 2000 | IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability. | ||
| CVE-2001-0500 | 0.10 | — | 0.90 | Jul 21, 2001 | Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as… | |||
| CVE-2001-0333 | 0.10 | — | 0.85 | Jun 27, 2001 | Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice. | |||
| CVE-1999-0874 | 0.10 | — | 0.84 | Jun 16, 1999 | Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions. | |||
| CVE-2001-0506 | 0.09 | — | 0.78 | Sep 20, 2001 | Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability. | |||
| CVE-2000-0778 | 0.09 | — | 0.79 | Oct 20, 2000 | IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability. | |||
| CVE-1999-1011 | 0.09 | — | 0.79 | Jul 19, 1999 | The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. | |||
| CVE-1999-0725 | 0.06 | — | 0.32 | Aug 19, 1999 | When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page". | |||
| CVE-2001-1243 | 0.05 | — | 0.21 | Jul 4, 2001 | Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the… | |||
| CVE-1999-0867 | 0.05 | — | 0.19 | Aug 11, 1999 | Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers. | |||
| CVE-1999-0233 | 0.05 | — | 0.31 | Feb 25, 1996 | IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files. | |||
| CVE-2005-2678 | 0.04 | — | 0.44 | Aug 23, 2005 | Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost. | |||
| CVE-2002-1182 | 0.04 | — | 0.44 | Nov 12, 2002 | IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned. | |||
| CVE-2000-0025 | 0.04 | — | 0.46 | Dec 21, 1999 | IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability. | |||
| CVE-2010-1256 | 0.03 | — | 0.34 | Jun 8, 2010 | Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS… | |||
| CVE-2001-0507 | 0.03 | — | 0.02 | Sep 20, 2001 | IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability. | |||
| CVE-2000-0167 | 0.03 | — | 0.00 | Feb 15, 2000 | IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory. | |||
| CVE-2001-0709 | 0.02 | — | 0.26 | Sep 20, 2001 | Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode. | |||
| CVE-2001-0545 | 0.01 | — | 0.16 | Oct 30, 2001 | IIS 4.0 with URL redirection enabled allows remote attackers to cause a denial of service (crash) via a malformed request that specifies a length that is different than the actual length. |
- risk 0.51cvss 7.5epss 0.31
FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded.
- risk 0.50cvss 7.5epss 0.20
IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.
- CVE-2001-0500Jul 21, 2001risk 0.10cvss —epss 0.90
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as…
- CVE-2001-0333Jun 27, 2001risk 0.10cvss —epss 0.85
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
- CVE-1999-0874Jun 16, 1999risk 0.10cvss —epss 0.84
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
- CVE-2001-0506Sep 20, 2001risk 0.09cvss —epss 0.78
Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability.
- CVE-2000-0778Oct 20, 2000risk 0.09cvss —epss 0.79
IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability.
- CVE-1999-1011Jul 19, 1999risk 0.09cvss —epss 0.79
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
- CVE-1999-0725Aug 19, 1999risk 0.06cvss —epss 0.32
When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page".
- CVE-2001-1243Jul 4, 2001risk 0.05cvss —epss 0.21
Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the…
- CVE-1999-0867Aug 11, 1999risk 0.05cvss —epss 0.19
Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.
- CVE-1999-0233Feb 25, 1996risk 0.05cvss —epss 0.31
IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files.
- CVE-2005-2678Aug 23, 2005risk 0.04cvss —epss 0.44
Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.
- CVE-2002-1182Nov 12, 2002risk 0.04cvss —epss 0.44
IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned.
- CVE-2000-0025Dec 21, 1999risk 0.04cvss —epss 0.46
IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability.
- CVE-2010-1256Jun 8, 2010risk 0.03cvss —epss 0.34
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS…
- CVE-2001-0507Sep 20, 2001risk 0.03cvss —epss 0.02
IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability.
- CVE-2000-0167Feb 15, 2000risk 0.03cvss —epss 0.00
IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory.
- CVE-2001-0709Sep 20, 2001risk 0.02cvss —epss 0.26
Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode.
- CVE-2001-0545Oct 30, 2001risk 0.01cvss —epss 0.16
IIS 4.0 with URL redirection enabled allows remote attackers to cause a denial of service (crash) via a malformed request that specifies a length that is different than the actual length.
Page 1 of 2