Product:

Internet_information_server

(Microsoft)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 108
Date Id Summary Products Score Patch Annotated
2001-09-20 CVE-2001-0709 Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode. Internet_information_server N/A
2001-10-30 CVE-2001-0545 IIS 4.0 with URL redirection enabled allows remote attackers to cause a denial of service (crash) via a malformed request that specifies a length that is different than the actual length. Internet_information_server N/A
2001-09-20 CVE-2001-0506 Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability. Internet_information_server, Internet_information_services N/A
2001-07-21 CVE-2001-0500 Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red. Index_server, Indexing_service, Internet_information_server N/A
2001-06-27 CVE-2001-0337 The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier introduce a memory leak which allows attackers to cause a denial of service via a series of requests. Internet_information_server N/A
2001-06-27 CVE-2001-0336 The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request. Internet_information_server N/A
2001-06-27 CVE-2001-0335 FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters. Internet_information_server N/A
2001-06-27 CVE-2001-0333 Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice. Internet_information_server N/A
2001-02-12 CVE-2001-0096 FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability. Internet_information_server, Internet_information_services N/A
2001-02-12 CVE-2001-0004 IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability. Internet_information_server, Internet_information_services N/A