Filtered by vendor Microsoft
Subscriptions
Filtered by product Internet Information Server
Subscriptions
Total
111 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-0126 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | N/A |
| Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack. | ||||
| CVE-1999-0867 | 1 Microsoft | 3 Commercial Internet System, Internet Information Server, Site Server | 2026-04-16 | N/A |
| Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers. | ||||
| CVE-1999-0154 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL. | ||||
| CVE-2000-0413 | 1 Microsoft | 3 Frontpage, Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path. | ||||
| CVE-1999-0191 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | N/A |
| IIS newdsn.exe CGI script allows remote users to overwrite files. | ||||
| CVE-2001-0335 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | N/A |
| FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters. | ||||
| CVE-2001-0506 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability. | ||||
| CVE-1999-0278 | 1 Microsoft | 2 Internet Information Server, Windows Nt | 2026-04-16 | N/A |
| In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL. | ||||
| CVE-2000-0246 | 1 Microsoft | 6 Commercial Internet System, Internet Information Server, Internet Information Services and 3 more | 2026-04-16 | N/A |
| IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. | ||||
| CVE-2000-0258 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability. | ||||
| CVE-2000-0457 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability. | ||||
| CVE-2000-0115 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | N/A |
| IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page. | ||||
| CVE-2002-0074 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session. | ||||
| CVE-2002-1181 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors. | ||||
| CVE-2005-2678 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost. | ||||
| CVE-2001-0500 | 1 Microsoft | 3 Index Server, Indexing Service, Internet Information Server | 2026-04-16 | N/A |
| Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red. | ||||
| CVE-1999-1537 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | N/A |
| IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL. | ||||
| CVE-1999-0281 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| Denial of service in IIS using long URLs. | ||||
| CVE-1999-0739 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | N/A |
| The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. | ||||
| CVE-2002-0364 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise." | ||||