Product: Internet_information_services (Microsoft)

Repositories: Unknown. This might be proprietary software.

#Vulnerabilities 90

| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2008-09-29 | CVE-2008-4301 | A certain ActiveX control in iisext.dll in Microsoft Internet Information Services (IIS) allows remote attackers to set a password via a string argument to the SetPassword method. NOTE: this issue could not be reproduced by a reliable third party. In addition, the original researcher is unreliable. Therefore the original disclosure is probably erroneous. | Internet_information_services | N/A | | |
| 2002-12-31 | CVE-2002-1745 | Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing one additional character after .html, .htm, .asp, or .inc, such as .aspx files. | Internet_information_services | 7.5 | | |
| 2005-07-05 | CVE-2005-2089 | Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | Internet_information_services | N/A | | |
| 1996-02-25 | CVE-1999-0233 | IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files. | Internet_information_services | N/A | | |
| 2000-10-20 | CVE-2000-0778 | IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability. | Internet_information_services | N/A | | |
| 2000-10-20 | CVE-2000-0746 | Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site, aka the "IIS Cross-Site Scripting" vulnerabilities. | Frontpage, Internet_information_server, Internet_information_services | N/A | | |
| 2009-09-04 | CVE-2009-2521 | Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka "IIS FTP Service DoS Vulnerability." | Internet_information_services | N/A | | |
| 1997-01-01 | CVE-1999-0253 | IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL. | Internet_information_server, Internet_information_services | N/A | | |
| 1997-06-01 | CVE-1999-0281 | Denial of service in IIS using long URLs. | Internet_information_server, Internet_information_services | N/A | | |
| 1999-12-31 | CVE-1999-0154 | IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL. | Internet_information_server, Internet_information_services | N/A | | |