Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Internet_information_server
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 108 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2007-01-05 | CVE-2007-0087 | Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would... | Internet_information_server | N/A | ||
| 2017-03-27 | CVE-2017-7269 | Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. | Internet_information_server | 9.8 | ||
| 2001-06-27 | CVE-2001-0334 | FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded. | Internet_information_server | 7.5 | ||
| 2010-06-08 | CVE-2010-1256 | Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability." | Internet_information_server | N/A | ||
| 1999-01-27 | CVE-1999-0349 | A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands. | Internet_information_server | N/A | ||
| 1999-01-27 | CVE-1999-0348 | IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory. | Internet_information_server | N/A | ||
| 1999-06-16 | CVE-1999-0874 | Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions. | Internet_information_server, Windows_2000, Windows_nt | N/A | ||
| 1999-08-11 | CVE-1999-0867 | Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers. | Commercial_internet_system, Internet_information_server, Site_server | N/A | ||
| 1999-08-11 | CVE-1999-0861 | Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext. | Commercial_internet_system, Internet_information_server, Site_server, Site_server_commerce | N/A | ||
| 1999-08-19 | CVE-1999-0725 | When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page". | Internet_information_server | N/A |