Product:

Internet_information_server

(Microsoft)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 108
Date Id Summary Products Score Patch Annotated
2010-02-05 CVE-2003-1582 Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue. Internet_information_server N/A
2007-05-30 CVE-2007-2897 Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a... Internet_information_server N/A
2004-08-06 CVE-2004-0205 Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function. Definity_one_media_server, Ip600_media_servers, Modular_messaging_message_storage_server, S8100, Internet_information_server N/A
2003-06-09 CVE-2003-0225 The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page. Internet_information_server, Internet_information_services N/A
2002-12-31 CVE-2002-1695 Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running. Internet_information_server, Internet_information_services, Norton_internet_security N/A
2002-12-31 CVE-2002-1694 Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running. Internet_information_server, Internet_information_services N/A
2002-07-03 CVE-2002-0364 Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise." Internet_information_server, Internet_information_services N/A
2002-04-22 CVE-2002-0079 Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code. Internet_information_server, Internet_information_services N/A
2002-04-22 CVE-2002-0071 Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names. Internet_information_server, Internet_information_services N/A
2001-07-04 CVE-2001-1243 Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject. Internet_information_server, Internet_information_services N/A