Microsoft

Internet Information Server

107 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2005-2678

  • EPSS 43.25%
  • Veröffentlicht 23.08.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.

5

CVE-2003-0718

  • EPSS 82%
  • Veröffentlicht 03.11.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML element...

7.2

CVE-2004-0205

  • EPSS 5.72%
  • Veröffentlicht 06.08.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function.

6.8

CVE-2003-0223

  • EPSS 8.34%
  • Veröffentlicht 09.06.2003 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message.

5

CVE-2003-0225

  • EPSS 48.64%
  • Veröffentlicht 09.06.2003 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory cons...

5

CVE-2002-1694

  • EPSS 1.6%
  • Veröffentlicht 31.12.2002 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running.

5

CVE-2002-1695

  • EPSS 1.96%
  • Veröffentlicht 31.12.2002 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running.

5

CVE-2002-1790

Exploit
  • EPSS 19.73%
  • Veröffentlicht 31.12.2002 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682.

7.5

CVE-2002-0869

  • EPSS 29.63%
  • Veröffentlicht 12.11.2002 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka...

6.8

CVE-2002-1181

  • EPSS 12.1%
  • Veröffentlicht 12.11.2002 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IIS...