Product:

Internet_information_server

(Microsoft)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 108
Date Id Summary Products Score Patch Annotated
2000-05-11 CVE-2000-0408 IIS 4.05 and 5.0 allow remote attackers to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulnerability. Internet_information_server, Internet_information_services N/A
2000-05-10 CVE-2000-0304 Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability. Internet_information_server, Internet_information_services N/A
2000-04-12 CVE-2000-0258 IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability. Internet_information_server, Internet_information_services 7.5
2000-03-30 CVE-2000-0246 IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. Commercial_internet_system, Internet_information_server, Internet_information_services, Proxy_server, Site_server, Site_server_commerce N/A
2000-03-20 CVE-2000-0226 IIS 4.0 allows attackers to cause a denial of service by requesting a large buffer in a POST or PUT command which consumes memory, aka the "Chunked Transfer Encoding Buffer Overflow Vulnerability." Internet_information_server N/A
2000-02-15 CVE-2000-0167 IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory. Internet_information_server N/A
2000-01-11 CVE-2000-0071 IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions. Internet_information_server, Internet_information_services N/A
1999-12-31 CVE-1999-1591 Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0. Internet_information_server, Visual_interdev N/A
1999-01-24 CVE-1999-1544 Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command. Internet_information_server N/A
1999-01-14 CVE-1999-1538 When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password. Internet_information_server N/A