Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Internet_information_server
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 108 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2002-04-22 | CVE-2002-0071 | Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names. | Internet_information_server, Internet_information_services | N/A | ||
| 2001-07-04 | CVE-2001-1243 | Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject. | Internet_information_server, Internet_information_services | N/A | ||
| 2001-09-20 | CVE-2001-0709 | Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode. | Internet_information_server | N/A | ||
| 2001-10-30 | CVE-2001-0545 | IIS 4.0 with URL redirection enabled allows remote attackers to cause a denial of service (crash) via a malformed request that specifies a length that is different than the actual length. | Internet_information_server | N/A | ||
| 2001-09-20 | CVE-2001-0506 | Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability. | Internet_information_server, Internet_information_services | N/A | ||
| 2001-07-21 | CVE-2001-0500 | Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red. | Index_server, Indexing_service, Internet_information_server | N/A | ||
| 2001-06-27 | CVE-2001-0337 | The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier introduce a memory leak which allows attackers to cause a denial of service via a series of requests. | Internet_information_server | N/A | ||
| 2001-06-27 | CVE-2001-0336 | The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request. | Internet_information_server | N/A | ||
| 2001-06-27 | CVE-2001-0335 | FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters. | Internet_information_server | N/A | ||
| 2001-06-27 | CVE-2001-0333 | Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice. | Internet_information_server | N/A |