Microsoft

Internet Information Services

91 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 29.34%
  • Veröffentlicht 10.05.2000 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:51:26

Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability.

  • EPSS 43.89%
  • Veröffentlicht 06.05.2000 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:51:39

The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that rev...

  • EPSS 19.61%
  • Veröffentlicht 12.04.2000 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:51:20

IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.

  • EPSS 79.98%
  • Veröffentlicht 30.03.2000 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:51:18

IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.

  • EPSS 28.06%
  • Veröffentlicht 11.01.2000 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:50:56

IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.

  • EPSS 40.02%
  • Veröffentlicht 31.12.1999 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:47:42

IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL.

  • EPSS 10.24%
  • Veröffentlicht 19.02.1999 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:48:20

In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.

  • EPSS 19.03%
  • Veröffentlicht 26.01.1999 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:48:25

In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).

  • EPSS 12.59%
  • Veröffentlicht 01.06.1997 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:48:03

Denial of service in IIS using long URLs.

  • EPSS 7.95%
  • Veröffentlicht 01.01.1997 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:48:00

IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL.