VYPR

IIS

by Microsoft

CVEs (64)

  • CVE-1999-0253Jan 1, 1997
    risk 0.01cvss epss 0.08

    IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL.

  • CVE-2001-0544Oct 30, 2001
    risk 0.00cvss epss 0.02

    IIS 5.0 allows local users to cause a denial of service (hang) via by installing content that produces a certain invalid MIME Content-Type header, which corrupts the File Type table.

  • CVE-2001-0337Jun 27, 2001
    risk 0.00cvss epss 0.05

    The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier introduce a memory leak which allows attackers to cause a denial of service via a series of requests.

  • CVE-1999-1233Dec 31, 1999
    risk 0.00cvss epss 0.05

    IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability.

Page 4 of 4