Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Internet_information_server
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 108 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2004-08-06 | CVE-2004-0205 | Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function. | Definity_one_media_server, Ip600_media_servers, Modular_messaging_message_storage_server, S8100, Internet_information_server | N/A | ||
| 2003-06-09 | CVE-2003-0225 | The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page. | Internet_information_server, Internet_information_services | N/A | ||
| 2002-12-31 | CVE-2002-1695 | Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running. | Internet_information_server, Internet_information_services, Norton_internet_security | N/A | ||
| 2002-12-31 | CVE-2002-1694 | Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running. | Internet_information_server, Internet_information_services | N/A | ||
| 2002-07-03 | CVE-2002-0364 | Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise." | Internet_information_server, Internet_information_services | N/A | ||
| 2002-04-22 | CVE-2002-0079 | Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code. | Internet_information_server, Internet_information_services | N/A | ||
| 2002-04-22 | CVE-2002-0071 | Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names. | Internet_information_server, Internet_information_services | N/A | ||
| 2001-07-04 | CVE-2001-1243 | Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject. | Internet_information_server, Internet_information_services | N/A | ||
| 2001-09-20 | CVE-2001-0709 | Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode. | Internet_information_server | N/A | ||
| 2001-10-30 | CVE-2001-0545 | IIS 4.0 with URL redirection enabled allows remote attackers to cause a denial of service (crash) via a malformed request that specifies a length that is different than the actual length. | Internet_information_server | N/A |