Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Internet_information_server
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 108 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 1999-01-01 | CVE-1999-0448 | IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request. | Internet_information_server | N/A | ||
| 1999-05-12 | CVE-1999-0229 | Denial of service in Windows NT IIS server using ..\.. | Internet_information_server | N/A | ||
| 1999-12-31 | CVE-1999-0154 | IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL. | Internet_information_server, Internet_information_services | N/A | ||
| 2000-01-21 | CVE-2000-0115 | IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page. | Internet_information_server | N/A | ||
| 2000-01-26 | CVE-2000-0126 | Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack. | Internet_information_server | N/A | ||
| 2000-02-02 | CVE-2000-0114 | Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory. | Internet_information_server | N/A | ||
| 2008-02-12 | CVE-2008-0074 | Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders. | Internet_information_server, Internet_information_services | N/A | ||
| 2010-09-15 | CVE-2010-1899 | Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability." | Internet_information_server, Internet_information_services | N/A | ||
| 2008-02-12 | CVE-2008-0075 | Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages. | Internet_information_server | N/A | ||
| 2002-04-22 | CVE-2002-0075 | Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message. | Internet_information_server, Internet_information_services | N/A |