Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Internet_information_server
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 108 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 1999-12-21 | CVE-2000-0025 | IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability. | Internet_information_server, Site_server, Site_server_commerce | N/A | ||
| 1999-12-21 | CVE-2000-0024 | IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability. | Internet_information_server, Site_server, Site_server_commerce | N/A | ||
| 2000-10-20 | CVE-2000-0746 | Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site, aka the "IIS Cross-Site Scripting" vulnerabilities. | Frontpage, Internet_information_server, Internet_information_services | N/A | ||
| 2009-08-31 | CVE-2009-3023 | Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability." | Internet_information_server | N/A | ||
| 2017-03-27 | CVE-2017-7269 | Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. | Internet_information_server | 9.8 | ||
| 1997-01-01 | CVE-1999-0253 | IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL. | Internet_information_server, Internet_information_services | N/A | ||
| 1997-06-01 | CVE-1999-0281 | Denial of service in IIS using long URLs. | Internet_information_server, Internet_information_services | N/A | ||
| 1998-02-06 | CVE-1999-0012 | Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names. | Frontpage, Internet_information_server, Personal_web_server, Enterprise_server, Fasttrack_server | N/A | ||
| 1999-01-01 | CVE-1999-0448 | IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request. | Internet_information_server | N/A | ||
| 1999-05-12 | CVE-1999-0229 | Denial of service in Windows NT IIS server using ..\.. | Internet_information_server | N/A |