Filtered by vendor Microsoft
Subscriptions
Filtered by product Internet Information Services
Subscriptions
Total
93 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-1446 | 1 Microsoft | 4 Internet Information Services, Windows 2000, Windows Server 2003 and 1 more | 2025-04-09 | N/A |
| Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability." | ||||
| CVE-2009-4445 | 1 Microsoft | 1 Internet Information Services | 2025-04-09 | N/A |
| Microsoft Internet Information Services (IIS), when used in conjunction with unspecified third-party upload applications, allows remote attackers to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : (colon) and a safe extension, as demonstrated by an upload of a .asp:.jpg file that results in creation of an empty .asp file, related to support for the NTFS Alternate Data Streams (ADS) filename syntax. NOTE: it could be argued that this is a vulnerability in the third-party product, not IIS, because the third-party product should be applying its extension restrictions to the portion of the filename before the colon. | ||||
| CVE-2001-0507 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | N/A |
| IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability. | ||||
| CVE-2001-0151 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | N/A |
| IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests. | ||||
| CVE-2000-0649 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | N/A |
| IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined. | ||||
| CVE-2002-1744 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | N/A |
| Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 allows remote attackers to view source code and determine the existence of arbitrary files via a hex-encoded "%c0%ae%c0%ae" string, which is the Unicode representation for ".." (dot dot). | ||||
| CVE-2002-1908 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | N/A |
| Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with a Host header that contains a large number of "/" (forward slash) characters. | ||||
| CVE-2003-0223 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | N/A |
| Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message. | ||||
| CVE-2003-0225 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | N/A |
| The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page. | ||||
| CVE-2003-0226 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | N/A |
| Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled. | ||||
| CVE-2002-1718 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | N/A |
| Microsoft Internet Information Server (IIS) 5.1 may allow remote attackers to view the contents of a Frontpage Server Extension (FPSE) file, as claimed using an HTTP request for colegal.htm that contains .. (dot dot) sequences. | ||||
| CVE-2001-0146 | 1 Microsoft | 2 Exchange Server, Internet Information Services | 2025-04-03 | N/A |
| IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's. | ||||
| CVE-2002-1700 | 2 Macromedia, Microsoft | 3 Coldfusion, Internet Information Services, Windows 2000 | 2025-04-03 | N/A |
| Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message. | ||||
| CVE-2002-1182 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | N/A |
| IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned. | ||||
| CVE-2001-0096 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | N/A |
| FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability. | ||||
| CVE-2000-0413 | 1 Microsoft | 3 Frontpage, Internet Information Server, Internet Information Services | 2025-04-03 | N/A |
| The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path. | ||||
| CVE-1999-0450 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | N/A |
| In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe). | ||||
| CVE-2002-0149 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | N/A |
| Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names. | ||||
| CVE-2002-0148 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | N/A |
| Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page. | ||||
| CVE-2000-0970 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | N/A |
| IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability. | ||||