Filtered by vendor Microsoft
Subscriptions
Filtered by product Internet Information Server
Subscriptions
Total
111 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-0408 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | N/A |
| IIS 4.05 and 5.0 allow remote attackers to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulnerability. | ||||
| CVE-2001-0096 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | N/A |
| FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability. | ||||
| CVE-2001-0506 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | N/A |
| Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability. | ||||
| CVE-2001-1243 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | N/A |
| Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject. | ||||
| CVE-2002-0419 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | N/A |
| Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request. NOTE: this entry originally contained a vector (1) in which the server reveals whether it supports Basic or NTLM authentication through 401 Access Denied error messages. CVE has REJECTED this vector; it is not a vulnerability because the information is already available through legitimate use, since authentication cannot proceed without specifying a scheme that is supported by both the client and the server. | ||||
| CVE-2002-1181 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors. | ||||
| CVE-2003-0718 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | N/A |
| The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes. | ||||
| CVE-1999-1223 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | N/A |
| IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters. | ||||
| CVE-1999-0874 | 1 Microsoft | 3 Internet Information Server, Windows 2000, Windows Nt | 2025-04-03 | N/A |
| Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions. | ||||
| CVE-2000-0413 | 1 Microsoft | 3 Frontpage, Internet Information Server, Internet Information Services | 2025-04-03 | N/A |
| The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path. | ||||
| CVE-2000-0770 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | N/A |
| IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the "File Permission Canonicalization" vulnerability. | ||||
| CVE-2002-0071 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | N/A |
| Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names. | ||||
| CVE-2002-0074 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | N/A |
| Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session. | ||||
| CVE-2002-0148 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | N/A |
| Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page. | ||||
| CVE-2002-0149 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | N/A |
| Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names. | ||||
| CVE-2002-0869 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | N/A |
| Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation." | ||||
| CVE-2002-1694 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | N/A |
| Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running. | ||||
| CVE-2002-1790 | 1 Microsoft | 3 Exchange Server, Internet Information Server, Internet Information Services | 2025-04-03 | N/A |
| The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682. | ||||
| CVE-1999-0281 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | N/A |
| Denial of service in IIS using long URLs. | ||||
| CVE-1999-0229 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | N/A |
| Denial of service in Windows NT IIS server using ..\.. | ||||