IIS
by Microsoft
CVEs (64)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-1999-0253 | 0.01 | — | 0.08 | Jan 1, 1997 | IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL. | |||
| CVE-2001-0544 | 0.00 | — | 0.02 | Oct 30, 2001 | IIS 5.0 allows local users to cause a denial of service (hang) via by installing content that produces a certain invalid MIME Content-Type header, which corrupts the File Type table. | |||
| CVE-2001-0337 | 0.00 | — | 0.05 | Jun 27, 2001 | The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier introduce a memory leak which allows attackers to cause a denial of service via a series of requests. | |||
| CVE-1999-1233 | 0.00 | — | 0.05 | Dec 31, 1999 | IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability. |
- CVE-1999-0253Jan 1, 1997risk 0.01cvss —epss 0.08
IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL.
- CVE-2001-0544Oct 30, 2001risk 0.00cvss —epss 0.02
IIS 5.0 allows local users to cause a denial of service (hang) via by installing content that produces a certain invalid MIME Content-Type header, which corrupts the File Type table.
- CVE-2001-0337Jun 27, 2001risk 0.00cvss —epss 0.05
The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier introduce a memory leak which allows attackers to cause a denial of service via a series of requests.
- CVE-1999-1233Dec 31, 1999risk 0.00cvss —epss 0.05
IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability.
Page 4 of 4