Microsoft

Internet Information Server

107 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2002-0149

  • EPSS 49.8%
  • Published 22.04.2002 04:00:00
  • Last modified 03.04.2025 01:03:51

Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.

7.5

CVE-2002-0150

  • EPSS 67.62%
  • Published 22.04.2002 04:00:00
  • Last modified 03.04.2025 01:03:51

Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.

5

CVE-2001-0545

  • EPSS 16.16%
  • Published 30.10.2001 05:00:00
  • Last modified 03.04.2025 01:03:51

IIS 4.0 with URL redirection enabled allows remote attackers to cause a denial of service (crash) via a malformed request that specifies a length that is different than the actual length.

7.2

CVE-2001-0506

Exploit
  • EPSS 77.61%
  • Published 20.09.2001 04:00:00
  • Last modified 03.04.2025 01:03:51

Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevatio...

5

CVE-2001-0709

  • EPSS 26.03%
  • Published 20.09.2001 04:00:00
  • Last modified 03.04.2025 01:03:51

Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode.

10

CVE-2001-0500

Exploit
  • EPSS 90.87%
  • Published 21.07.2001 04:00:00
  • Last modified 03.04.2025 01:03:51

Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data ...

5

CVE-2001-1243

Exploit
  • EPSS 19.54%
  • Published 04.07.2001 04:00:00
  • Last modified 03.04.2025 01:03:51

Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, ...

7.5

CVE-2001-0333

  • EPSS 84.47%
  • Published 27.06.2001 04:00:00
  • Last modified 03.04.2025 01:03:51

Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.

7.5

CVE-2001-0334

  • EPSS 25.08%
  • Published 27.06.2001 04:00:00
  • Last modified 03.04.2025 01:03:51

FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded.

5

CVE-2001-0335

  • EPSS 37.01%
  • Published 27.06.2001 04:00:00
  • Last modified 03.04.2025 01:03:51

FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters.