Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Internet_information_services
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 90 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2002-12-31 | CVE-2002-1694 | Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running. | Internet_information_server, Internet_information_services | N/A | ||
| 2002-11-12 | CVE-2002-1180 | A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability." | Internet_information_services | N/A | ||
| 2002-07-03 | CVE-2002-0364 | Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise." | Internet_information_server, Internet_information_services | N/A | ||
| 2002-04-22 | CVE-2002-0079 | Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code. | Internet_information_server, Internet_information_services | N/A | ||
| 2002-04-22 | CVE-2002-0071 | Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names. | Internet_information_server, Internet_information_services | N/A | ||
| 2001-07-04 | CVE-2001-1243 | Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject. | Internet_information_server, Internet_information_services | N/A | ||
| 2001-12-11 | CVE-2001-1186 | Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection. | Internet_information_services | N/A | ||
| 2001-11-20 | CVE-2001-0902 | Microsoft IIS 5.0 allows remote attackers to spoof web log entries via an HTTP request that includes hex-encoded newline or form-feed characters. | Internet_information_services | N/A | ||
| 2001-10-30 | CVE-2001-0544 | IIS 5.0 allows local users to cause a denial of service (hang) via by installing content that produces a certain invalid MIME Content-Type header, which corrupts the File Type table. | Internet_information_services | N/A | ||
| 2001-09-20 | CVE-2001-0508 | Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request. | Internet_information_services | N/A |