Total
112 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-1233 | 1 Microsoft | 1 Internet Information Server | 2023-12-10 | 7.5 HIGH | N/A |
IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability. | |||||
CVE-1999-0229 | 1 Microsoft | 1 Internet Information Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Denial of service in Windows NT IIS server using ..\.. | |||||
CVE-2000-0413 | 1 Microsoft | 3 Frontpage, Internet Information Server, Internet Information Services | 2023-12-10 | 5.0 MEDIUM | N/A |
The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path. | |||||
CVE-2002-1694 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2023-12-10 | 5.0 MEDIUM | N/A |
Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running. | |||||
CVE-1999-1544 | 1 Microsoft | 1 Internet Information Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command. | |||||
CVE-1999-1537 | 1 Microsoft | 1 Internet Information Server | 2023-12-10 | 5.0 MEDIUM | N/A |
IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL. | |||||
CVE-1999-0348 | 1 Microsoft | 1 Internet Information Server | 2023-12-10 | 5.0 MEDIUM | N/A |
IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory. | |||||
CVE-2002-0073 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2023-12-10 | 5.0 MEDIUM | N/A |
The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters. | |||||
CVE-2002-0074 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2023-12-10 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session. | |||||
CVE-1999-1375 | 1 Microsoft | 1 Internet Information Server | 2023-12-10 | 5.0 MEDIUM | N/A |
FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter. | |||||
CVE-2001-0709 | 1 Microsoft | 1 Internet Information Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode. | |||||
CVE-2001-0337 | 1 Microsoft | 1 Internet Information Server | 2023-12-10 | 5.0 MEDIUM | N/A |
The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier introduce a memory leak which allows attackers to cause a denial of service via a series of requests. | |||||
CVE-2000-0457 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2023-12-10 | 7.5 HIGH | N/A |
ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability. | |||||
CVE-2000-0114 | 1 Microsoft | 1 Internet Information Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory. | |||||
CVE-1999-0154 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2023-12-10 | 5.0 MEDIUM | N/A |
IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL. | |||||
CVE-2000-0630 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2023-12-10 | 5.0 MEDIUM | N/A |
IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability. | |||||
CVE-2000-0115 | 1 Microsoft | 1 Internet Information Server | 2023-12-10 | 5.0 MEDIUM | N/A |
IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page. | |||||
CVE-1999-0736 | 1 Microsoft | 1 Internet Information Server | 2023-12-10 | 5.0 MEDIUM | N/A |
The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. | |||||
CVE-2000-0631 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2023-12-10 | 5.0 MEDIUM | N/A |
An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote attackers to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability. | |||||
CVE-1999-0007 | 5 C2net, Hp, Microsoft and 2 more | 13 Stonghold Web Server, Open Market Secure Webserver, Exchange Server and 10 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Information from SSL-encrypted sessions via PKCS #1. |