IIS
by Microsoft
CVEs (64)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2001-1186 | 0.06 | — | 0.31 | Dec 11, 2001 | Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection. | |||
| CVE-2002-0149 | 0.05 | — | 0.63 | Apr 22, 2002 | Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names. | |||
| CVE-1999-0867 | 0.05 | — | 0.22 | Aug 11, 1999 | Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers. | |||
| CVE-2001-0507 | 0.04 | — | 0.09 | Sep 20, 2001 | IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability. | |||
| CVE-2001-0336 | 0.04 | — | 0.16 | Jun 27, 2001 | The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request. | |||
| CVE-2000-0970 | 0.04 | — | 0.46 | Dec 19, 2000 | IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability. | |||
| CVE-1999-0233 | 0.04 | — | 0.16 | Feb 25, 1996 | IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files. | |||
| CVE-2005-2678 | 0.03 | — | 0.42 | Aug 23, 2005 | Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost. | |||
| CVE-2002-1182 | 0.03 | — | 0.36 | Nov 12, 2002 | IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned. | |||
| CVE-2002-0075 | 0.03 | — | 0.34 | Apr 22, 2002 | Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message. | |||
| CVE-2001-0709 | 0.03 | — | 0.36 | Sep 20, 2001 | Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode. | |||
| CVE-2001-0146 | 0.03 | — | 0.37 | Jun 2, 2001 | IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's. | |||
| CVE-2000-0167 | 0.03 | — | 0.03 | Feb 15, 2000 | IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory. | |||
| CVE-2000-0025 | 0.03 | — | 0.35 | Dec 21, 1999 | IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability. | |||
| CVE-2010-1256 | 0.02 | — | 0.28 | Jun 8, 2010 | Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS… | |||
| CVE-2005-2089 | 0.02 | — | 0.31 | Jul 5, 2005 | Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle… | |||
| CVE-2002-0224 | 0.02 | — | 0.22 | May 16, 2002 | The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input. | |||
| CVE-2001-0508 | 0.02 | — | 0.27 | Sep 20, 2001 | Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request. | |||
| CVE-2001-0335 | 0.02 | — | 0.21 | Jun 27, 2001 | FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters. | |||
| CVE-2000-0858 | 0.02 | — | 0.19 | Nov 14, 2000 | Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability. |
- CVE-2001-1186Dec 11, 2001risk 0.06cvss —epss 0.31
Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection.
- CVE-2002-0149Apr 22, 2002risk 0.05cvss —epss 0.63
Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.
- CVE-1999-0867Aug 11, 1999risk 0.05cvss —epss 0.22
Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.
- CVE-2001-0507Sep 20, 2001risk 0.04cvss —epss 0.09
IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability.
- CVE-2001-0336Jun 27, 2001risk 0.04cvss —epss 0.16
The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request.
- CVE-2000-0970Dec 19, 2000risk 0.04cvss —epss 0.46
IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability.
- CVE-1999-0233Feb 25, 1996risk 0.04cvss —epss 0.16
IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files.
- CVE-2005-2678Aug 23, 2005risk 0.03cvss —epss 0.42
Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.
- CVE-2002-1182Nov 12, 2002risk 0.03cvss —epss 0.36
IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned.
- CVE-2002-0075Apr 22, 2002risk 0.03cvss —epss 0.34
Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message.
- CVE-2001-0709Sep 20, 2001risk 0.03cvss —epss 0.36
Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode.
- CVE-2001-0146Jun 2, 2001risk 0.03cvss —epss 0.37
IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
- CVE-2000-0167Feb 15, 2000risk 0.03cvss —epss 0.03
IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory.
- CVE-2000-0025Dec 21, 1999risk 0.03cvss —epss 0.35
IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability.
- CVE-2010-1256Jun 8, 2010risk 0.02cvss —epss 0.28
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS…
- CVE-2005-2089Jul 5, 2005risk 0.02cvss —epss 0.31
Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle…
- CVE-2002-0224May 16, 2002risk 0.02cvss —epss 0.22
The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
- CVE-2001-0508Sep 20, 2001risk 0.02cvss —epss 0.27
Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request.
- CVE-2001-0335Jun 27, 2001risk 0.02cvss —epss 0.21
FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters.
- CVE-2000-0858Nov 14, 2000risk 0.02cvss —epss 0.19
Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability.
Page 2 of 4