Microsoft

Internet Information Server

107 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2005-2678

  • EPSS 43.25%
  • Published 23.08.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.

5

CVE-2003-0718

  • EPSS 82%
  • Published 03.11.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML element...

7.2

CVE-2004-0205

  • EPSS 5.72%
  • Published 06.08.2004 04:00:00
  • Last modified 03.04.2025 01:03:51

Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function.

6.8

CVE-2003-0223

  • EPSS 8.34%
  • Published 09.06.2003 04:00:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message.

5

CVE-2003-0225

  • EPSS 48.64%
  • Published 09.06.2003 04:00:00
  • Last modified 03.04.2025 01:03:51

The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory cons...

5

CVE-2002-1694

  • EPSS 1.6%
  • Published 31.12.2002 05:00:00
  • Last modified 03.04.2025 01:03:51

Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running.

5

CVE-2002-1695

  • EPSS 1.96%
  • Published 31.12.2002 05:00:00
  • Last modified 03.04.2025 01:03:51

Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running.

5

CVE-2002-1790

Exploit
  • EPSS 19.73%
  • Published 31.12.2002 05:00:00
  • Last modified 03.04.2025 01:03:51

The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682.

7.5

CVE-2002-0869

  • EPSS 29.63%
  • Published 12.11.2002 05:00:00
  • Last modified 03.04.2025 01:03:51

Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka...

6.8

CVE-2002-1181

  • EPSS 12.1%
  • Published 12.11.2002 05:00:00
  • Last modified 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IIS...