Total
92 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0304 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-11-20 | 5.0 MEDIUM | N/A |
| Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability. | |||||
| CVE-2000-0258 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-11-20 | 5.0 MEDIUM | 7.5 HIGH |
| IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability. | |||||
| CVE-2000-0246 | 1 Microsoft | 6 Commercial Internet System, Internet Information Server, Internet Information Services and 3 more | 2024-11-20 | 5.0 MEDIUM | N/A |
| IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. | |||||
| CVE-2000-0071 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-11-20 | 5.0 MEDIUM | N/A |
| IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions. | |||||
| CVE-1999-0450 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-11-20 | 7.5 HIGH | N/A |
| In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe). | |||||
| CVE-1999-0412 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-11-20 | 7.5 HIGH | N/A |
| In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. | |||||
| CVE-1999-0281 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-11-20 | 5.0 MEDIUM | N/A |
| Denial of service in IIS using long URLs. | |||||
| CVE-1999-0253 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-11-20 | 7.5 HIGH | N/A |
| IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL. | |||||
| CVE-1999-0233 | 1 Microsoft | 1 Internet Information Services | 2024-11-20 | 10.0 HIGH | N/A |
| IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files. | |||||
| CVE-1999-0154 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-11-20 | 5.0 MEDIUM | N/A |
| IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL. | |||||
| CVE-2011-5279 | 1 Microsoft | 3 Internet Information Services, Windows 2000, Windows Nt | 2024-02-28 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header. | |||||
| CVE-2014-4078 | 1 Microsoft | 1 Internet Information Services | 2024-02-28 | 5.1 MEDIUM | N/A |
| The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the "IP Address and Domain Restrictions" list, which makes it easier for remote attackers to bypass an intended rule set via an HTTP request, aka "IIS Security Feature Bypass Vulnerability." | |||||