Microsoft

Internet Information Services

91 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2002-0079

  • EPSS 84.92%
  • Veröffentlicht 22.04.2002 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.

7.5

CVE-2002-0075

  • EPSS 67.56%
  • Veröffentlicht 22.04.2002 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message.

7.5

CVE-2002-0074

  • EPSS 67.56%
  • Veröffentlicht 22.04.2002 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session.

5

CVE-2002-0073

  • EPSS 67.12%
  • Veröffentlicht 22.04.2002 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters.

5

CVE-2002-0072

  • EPSS 30.98%
  • Veröffentlicht 22.04.2002 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial o...

7.5

CVE-2002-0071

  • EPSS 67.64%
  • Veröffentlicht 22.04.2002 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.

5

CVE-2001-1186

Exploit
  • EPSS 25.18%
  • Veröffentlicht 11.12.2001 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection.

7.5

CVE-2001-0902

  • EPSS 41.28%
  • Veröffentlicht 20.11.2001 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Microsoft IIS 5.0 allows remote attackers to spoof web log entries via an HTTP request that includes hex-encoded newline or form-feed characters.

2.1

CVE-2001-0544

  • EPSS 1.4%
  • Veröffentlicht 30.10.2001 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

IIS 5.0 allows local users to cause a denial of service (hang) via by installing content that produces a certain invalid MIME Content-Type header, which corrupts the File Type table.

5

CVE-2001-0508

  • EPSS 46.93%
  • Veröffentlicht 20.09.2001 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request.