Vulnerabilities (CVE)

Filtered by vendor Microsoft
Filtered by product Internet Information Server
Total 112 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-1999-0012 | 2 Microsoft, Netscape | 5 Frontpage, Internet Information Server, Personal Web Server and 2 more | 2023-12-10 | 5.0 MEDIUM | N/A | Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names. |
| CVE-2003-0718 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2023-12-10 | 5.0 MEDIUM | N/A | The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes. |
| CVE-2000-0649 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2023-12-10 | 2.6 LOW | N/A | IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined. |
| CVE-2001-0500 | 1 Microsoft | 3 Index Server, Indexing Service, Internet Information Server | 2023-12-10 | 10.0 HIGH | N/A | Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red. |
| CVE-2000-0167 | 1 Microsoft | 1 Internet Information Server | 2023-12-10 | 2.1 LOW | N/A | IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory. |
| CVE-2002-1181 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2023-12-10 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors. |
| CVE-1999-0450 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2023-12-10 | 7.5 HIGH | N/A | In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe). |
| CVE-1999-1451 | 1 Microsoft | 2 Internet Information Server, Site Server | 2023-12-10 | 5.0 MEDIUM | N/A | The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files. |
| CVE-2003-0225 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2023-12-10 | 5.0 MEDIUM | N/A | The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page. |
| CVE-2000-0258 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability. |
| CVE-2000-0886 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2023-12-10 | 7.5 HIGH | N/A | IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability. |
| CVE-2001-0333 | 1 Microsoft | 1 Internet Information Server | 2023-12-10 | 7.5 HIGH | N/A | Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice. |
| CVE-2002-0149 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2023-12-10 | 7.5 HIGH | N/A | Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names. |
| CVE-2001-0336 | 1 Microsoft | 1 Internet Information Server | 2023-12-10 | 5.0 MEDIUM | N/A | The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request. |
| CVE-2000-0970 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2023-12-10 | 7.5 HIGH | N/A | IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability. |
| CVE-2001-0004 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2023-12-10 | 5.0 MEDIUM | N/A | IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability. |
| CVE-1999-0738 | 1 Microsoft | 1 Internet Information Server | 2023-12-10 | 5.0 MEDIUM | N/A | The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. |
| CVE-1999-0861 | 1 Microsoft | 4 Commercial Internet System, Internet Information Server, Site Server and 1 more | 2023-12-10 | 2.6 LOW | N/A | Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext. |
| CVE-1999-1376 | 1 Microsoft | 1 Internet Information Server | 2023-12-10 | 10.0 HIGH | N/A | Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands. |
| CVE-1999-1035 | 1 Microsoft | 1 Internet Information Server | 2023-12-10 | 5.0 MEDIUM | N/A | IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability. |