Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Internet Information Server
Total 112 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-0087 1 Microsoft 1 Internet Information Server 2024-03-21 7.8 HIGH N/A
Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal
CVE-2001-0334 1 Microsoft 1 Internet Information Server 2024-02-02 5.0 MEDIUM 7.5 HIGH
FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded.
CVE-2017-7269 1 Microsoft 2 Internet Information Server, Windows Server 2003 2023-12-10 10.0 HIGH 9.8 CRITICAL
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
CVE-2013-0942 3 Apache, Emc, Microsoft 3 Http Server, Rsa Authentication Agent, Internet Information Server 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-0941 3 Apache, Microsoft, Rsa 7 Http Server, Internet Information Server, Windows and 4 more 2023-12-10 2.1 LOW N/A
EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
CVE-2003-1582 1 Microsoft 1 Internet Information Server 2023-12-10 2.6 LOW N/A
Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
CVE-2010-1899 1 Microsoft 2 Internet Information Server, Internet Information Services 2023-12-10 4.3 MEDIUM N/A
Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."
CVE-2010-1256 1 Microsoft 5 Internet Information Server, Windows 2003 Server, Windows 7 and 2 more 2023-12-10 8.5 HIGH N/A
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."
CVE-2009-3023 1 Microsoft 6 Internet Information Server, Windows 2000, Windows Server 2003 and 3 more 2023-12-10 9.0 HIGH N/A
Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability."
CVE-2007-1278 2 Adobe, Microsoft 3 Coldfusion, Jrun, Internet Information Server 2023-12-10 4.3 MEDIUM N/A
Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root.
CVE-2006-6579 1 Microsoft 2 Internet Information Server, Internet Information Services 2023-12-10 4.4 MEDIUM N/A
Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine.
CVE-2008-0074 1 Microsoft 2 Internet Information Server, Internet Information Services 2023-12-10 7.2 HIGH N/A
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.
CVE-2008-0075 1 Microsoft 1 Internet Information Server 2023-12-10 10.0 HIGH N/A
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.
CVE-2007-2897 1 Microsoft 1 Internet Information Server 2023-12-10 7.5 HIGH N/A
Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a blacklist for DOS device requests.
CVE-2005-2678 1 Microsoft 2 Internet Information Server, Internet Information Services 2023-12-10 5.0 MEDIUM N/A
Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.
CVE-2006-0026 1 Microsoft 2 Internet Information Server, Internet Information Services 2023-12-10 6.5 MEDIUM N/A
Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).
CVE-1999-0737 1 Microsoft 1 Internet Information Server 2023-12-10 5.0 MEDIUM N/A
The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
CVE-1999-0867 1 Microsoft 3 Commercial Internet System, Internet Information Server, Site Server 2023-12-10 5.0 MEDIUM N/A
Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.
CVE-2002-0079 1 Microsoft 2 Internet Information Server, Internet Information Services 2023-12-10 7.5 HIGH N/A
Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.
CVE-2003-1342 2 Microsoft, Trend Micro 2 Internet Information Server, Virus Control System 2023-12-10 5.0 MEDIUM N/A
Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows remote attackers to cause a denial of service (memory consumption) in IIS via multiple URL requests for ActiveSupport.exe.