Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Internet_information_services
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 90 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2008-09-29 | CVE-2008-4301 | A certain ActiveX control in iisext.dll in Microsoft Internet Information Services (IIS) allows remote attackers to set a password via a string argument to the SetPassword method. NOTE: this issue could not be reproduced by a reliable third party. In addition, the original researcher is unreliable. Therefore the original disclosure is probably erroneous | Internet_information_services | N/A | ||
| 2002-12-31 | CVE-2002-1745 | Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files. | Internet_information_services | 7.5 | ||
| 2005-07-05 | CVE-2005-2089 | Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | Internet_information_services | N/A | ||
| 1996-02-25 | CVE-1999-0233 | IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files. | Internet_information_services | N/A | ||
| 2000-10-20 | CVE-2000-0778 | IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability. | Internet_information_services | N/A | ||
| 2000-10-20 | CVE-2000-0746 | Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site, aka the "IIS Cross-Site Scripting" vulnerabilities. | Frontpage, Internet_information_server, Internet_information_services | N/A | ||
| 2009-09-04 | CVE-2009-2521 | Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka "IIS FTP Service DoS Vulnerability." | Internet_information_services | N/A | ||
| 1997-01-01 | CVE-1999-0253 | IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL. | Internet_information_server, Internet_information_services | N/A | ||
| 1997-06-01 | CVE-1999-0281 | Denial of service in IIS using long URLs. | Internet_information_server, Internet_information_services | N/A | ||
| 1999-12-31 | CVE-1999-0154 | IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL. | Internet_information_server, Internet_information_services | N/A |