Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Internet_information_services
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 90 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2002-04-22 | CVE-2002-0075 | Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message. | Internet_information_server, Internet_information_services | N/A | ||
| 2014-04-23 | CVE-2011-5279 | CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header. | Internet_information_services | N/A | ||
| 2009-12-29 | CVE-2009-4444 | Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a ; (semicolon) character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a (1) .asp, (2) .cer, or (3) .asa first extension, followed by a semicolon and a safe extension, as demonstrated by the use of asp.dll to handle a .asp;.jpg file. | Internet_information_services | N/A | ||
| 2002-04-22 | CVE-2002-0149 | Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names. | Internet_information_server, Internet_information_services | N/A | ||
| 2002-04-22 | CVE-2002-0073 | The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters. | Internet_information_server, Internet_information_services | N/A | ||
| 2002-04-22 | CVE-2002-0150 | Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values. | Internet_information_server, Internet_information_services | N/A | ||
| 2002-04-22 | CVE-2002-0147 | Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun." | Internet_information_server, Internet_information_services | N/A | ||
| 2008-10-15 | CVE-2008-1446 | Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability." | Internet_information_services | N/A | ||
| 2002-04-22 | CVE-2002-0148 | Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page. | Internet_information_server, Internet_information_services | N/A | ||
| 2008-09-29 | CVE-2008-4300 | A certain ActiveX control in adsiis.dll in Microsoft Internet Information Services (IIS) allows remote attackers to cause a denial of service (browser crash) via a long string in the second argument to the GetObject method. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect. | Internet_information_services | N/A |