Total
113 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0869 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2020-11-23 | 7.5 HIGH | N/A |
Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation." | |||||
CVE-2002-0148 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2020-11-23 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page. | |||||
CVE-1999-0450 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2020-11-23 | 7.5 HIGH | N/A |
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe). | |||||
CVE-2002-0075 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2020-11-23 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message. | |||||
CVE-2002-0147 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2020-11-23 | 7.5 HIGH | N/A |
Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun." | |||||
CVE-2006-6579 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2020-11-23 | 4.4 MEDIUM | N/A |
Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine. | |||||
CVE-2005-2678 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2020-11-23 | 5.0 MEDIUM | N/A |
Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost. | |||||
CVE-2006-0026 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2020-11-23 | 6.5 MEDIUM | N/A |
Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP). | |||||
CVE-2003-1342 | 2 Microsoft, Trend Micro | 2 Internet Information Server, Virus Control System | 2020-11-23 | 5.0 MEDIUM | N/A |
Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows remote attackers to cause a denial of service (memory consumption) in IIS via multiple URL requests for ActiveSupport.exe. | |||||
CVE-2002-0150 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2020-11-23 | 7.5 HIGH | N/A |
Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values. | |||||
CVE-1999-0412 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2020-11-23 | 7.5 HIGH | N/A |
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. | |||||
CVE-2008-0075 | 1 Microsoft | 1 Internet Information Server | 2020-11-23 | 10.0 HIGH | N/A |
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages. | |||||
CVE-2003-0223 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2020-11-23 | 6.8 MEDIUM | N/A |
Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message. | |||||
CVE-2003-0718 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2020-11-23 | 5.0 MEDIUM | N/A |
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes. | |||||
CVE-2002-1790 | 1 Microsoft | 3 Exchange Server, Internet Information Server, Internet Information Services | 2020-04-09 | 5.0 MEDIUM | N/A |
The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682. | |||||
CVE-1999-0007 | 5 C2net, Hp, Microsoft and 2 more | 13 Stonghold Web Server, Open Market Secure Webserver, Exchange Server and 10 more | 2020-04-02 | 5.0 MEDIUM | N/A |
Information from SSL-encrypted sessions via PKCS #1. | |||||
CVE-2017-7269 | 1 Microsoft | 2 Internet Information Server, Windows Server 2003 | 2019-07-03 | 10.0 HIGH | 9.8 CRITICAL |
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. | |||||
CVE-2007-1278 | 2 Adobe, Microsoft | 3 Coldfusion, Jrun, Internet Information Server | 2019-07-03 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root. | |||||
CVE-2003-1582 | 1 Microsoft | 1 Internet Information Server | 2019-07-03 | 2.6 LOW | N/A |
Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue. | |||||
CVE-2000-0408 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2018-10-30 | 5.0 MEDIUM | N/A |
IIS 4.05 and 5.0 allow remote attackers to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulnerability. |