Total
111 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0333 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice. | |||||
| CVE-1999-0007 | 5 C2net, Hp, Microsoft and 2 more | 13 Stonghold Web Server, Open Market Secure Webserver, Exchange Server and 10 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Information from SSL-encrypted sessions via PKCS #1. | |||||
| CVE-2005-2678 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost. | |||||
| CVE-1999-1148 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time. | |||||
| CVE-1999-0725 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 7.1 HIGH | N/A |
| When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page". | |||||
| CVE-2002-0073 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A |
| The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters. | |||||
| CVE-2002-0072 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A |
| The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer. | |||||
| CVE-2002-0148 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page. | |||||
| CVE-1999-0736 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. | |||||
| CVE-2000-0226 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| IIS 4.0 allows attackers to cause a denial of service by requesting a large buffer in a POST or PUT command which consumes memory, aka the "Chunked Transfer Encoding Buffer Overflow Vulnerability." | |||||
| CVE-2000-0858 | 1 Microsoft | 2 Internet Information Server, Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
| Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability. | |||||
| CVE-2002-0071 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names. | |||||
| CVE-2000-0246 | 1 Microsoft | 6 Commercial Internet System, Internet Information Server, Internet Information Services and 3 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. | |||||
| CVE-1999-1478 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character. | |||||
| CVE-2000-0071 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A |
| IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions. | |||||
| CVE-2000-0258 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability. | |||||
| CVE-2003-1342 | 2 Microsoft, Trend Micro | 2 Internet Information Server, Virus Control System | 2025-04-03 | 5.0 MEDIUM | N/A |
| Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows remote attackers to cause a denial of service (memory consumption) in IIS via multiple URL requests for ActiveSupport.exe. | |||||
| CVE-2002-1694 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running. | |||||
| CVE-1999-1544 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command. | |||||
| CVE-2000-0886 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
| IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability. | |||||