Note: This project will be discontinued after December 13, 2021.

Product: Internet_information_services (Microsoft)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 91 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2017-03-27 | CVE-2017-7269 | Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. | Internet_information_services | 9.8 | ||
2008-09-29 | CVE-2008-4301 | A certain ActiveX control in iisext.dll in Microsoft Internet Information Services (IIS) allows remote attackers to set a password via a string argument to the SetPassword method. NOTE: this issue could not be reproduced by a reliable third party. In addition, the original researcher is unreliable. Therefore the original disclosure is probably erroneous. | Internet_information_services | N/A | ||
2002-12-31 | CVE-2002-1745 | Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing one additional character after .html, .htm, .asp, or .inc, such as .aspx files. | Internet_information_services | 7.5 | ||
2005-07-05 | CVE-2005-2089 | Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | Internet_information_services | N/A | ||
1996-02-25 | CVE-1999-0233 | IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files. | Internet_information_services | N/A | ||
2000-10-20 | CVE-2000-0778 | IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability. | Internet_information_services | N/A | ||
2000-10-20 | CVE-2000-0746 | Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site, aka the "IIS Cross-Site Scripting" vulnerabilities. | Frontpage, Internet_information_server, Internet_information_services | N/A | ||
2009-09-04 | CVE-2009-2521 | Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka "IIS FTP Service DoS Vulnerability." | Internet_information_services | N/A | ||
1997-01-01 | CVE-1999-0253 | IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL. | Internet_information_server, Internet_information_services | N/A | ||
1997-06-01 | CVE-1999-0281 | Denial of service in IIS using long URLs. | Internet_information_server, Internet_information_services | N/A |