Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Internet_information_server
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 108 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2001-09-20 | CVE-2001-0506 | Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability. | Internet_information_server, Internet_information_services | N/A | ||
| 2001-07-21 | CVE-2001-0500 | Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red. | Index_server, Indexing_service, Internet_information_server | N/A | ||
| 2001-06-27 | CVE-2001-0337 | The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier introduce a memory leak which allows attackers to cause a denial of service via a series of requests. | Internet_information_server | N/A | ||
| 2001-06-27 | CVE-2001-0336 | The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request. | Internet_information_server | N/A | ||
| 2001-06-27 | CVE-2001-0335 | FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters. | Internet_information_server | N/A | ||
| 2001-06-27 | CVE-2001-0333 | Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice. | Internet_information_server | N/A | ||
| 2001-02-12 | CVE-2001-0096 | FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability. | Internet_information_server, Internet_information_services | N/A | ||
| 2001-02-12 | CVE-2001-0004 | IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability. | Internet_information_server, Internet_information_services | N/A | ||
| 2001-01-09 | CVE-2000-1147 | Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers to execute arbitrary commands via a long string to the "LANGUAGE" argument in a script tag. | Internet_information_server | N/A | ||
| 2001-01-09 | CVE-2000-1104 | Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site. | Internet_information_server, Internet_information_services | N/A |