Total
111 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1544 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command. | |||||
| CVE-2000-0884 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
| IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability. | |||||
| CVE-2002-1694 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running. | |||||
| CVE-1999-0349 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 7.5 HIGH | N/A |
| A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands. | |||||
| CVE-2000-0304 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability. | |||||
| CVE-1999-0154 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A |
| IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL. | |||||
| CVE-2000-0858 | 1 Microsoft | 2 Internet Information Server, Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
| Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability. | |||||
| CVE-2002-0071 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names. | |||||
| CVE-2003-0718 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A |
| The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes. | |||||
| CVE-2000-0886 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
| IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability. | |||||
| CVE-1999-0867 | 1 Microsoft | 3 Commercial Internet System, Internet Information Server, Site Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers. | |||||
| CVE-2000-0970 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
| IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability. | |||||
| CVE-1999-0229 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Denial of service in Windows NT IIS server using ..\.. | |||||
| CVE-2002-0075 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message. | |||||
| CVE-2001-0506 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability. | |||||
| CVE-2001-0335 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters. | |||||
| CVE-2002-0147 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun." | |||||
| CVE-2000-0457 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
| ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability. | |||||
| CVE-2004-0205 | 2 Avaya, Microsoft | 5 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 2 more | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function. | |||||
| CVE-2001-0709 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode. | |||||