Filtered by vendor Microsoft
Subscriptions
Filtered by product Internet Information Server
Subscriptions
Total
111 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0087 | 1 Microsoft | 1 Internet Information Server | 2026-04-23 | N/A |
| Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal | ||||
| CVE-2008-0075 | 1 Microsoft | 1 Internet Information Server | 2026-04-23 | N/A |
| Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages. | ||||
| CVE-2009-3023 | 1 Microsoft | 6 Internet Information Server, Windows 2000, Windows Server 2003 and 3 more | 2026-04-23 | N/A |
| Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability." | ||||
| CVE-2007-1278 | 2 Adobe, Microsoft | 3 Coldfusion, Jrun, Internet Information Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root. | ||||
| CVE-2008-0074 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-23 | N/A |
| Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders. | ||||
| CVE-2007-2897 | 1 Microsoft | 1 Internet Information Server | 2026-04-23 | N/A |
| Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a blacklist for DOS device requests. | ||||
| CVE-2006-6579 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-23 | N/A |
| Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine. | ||||
| CVE-1999-1478 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | N/A |
| The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character. | ||||
| CVE-1999-0874 | 1 Microsoft | 3 Internet Information Server, Windows 2000, Windows Nt | 2026-04-16 | N/A |
| Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions. | ||||
| CVE-2004-0205 | 2 Avaya, Microsoft | 5 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 2 more | 2026-04-16 | N/A |
| Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function. | ||||
| CVE-2002-0149 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names. | ||||
| CVE-2002-0150 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values. | ||||
| CVE-1999-0253 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL. | ||||
| CVE-1999-0407 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | N/A |
| By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. | ||||
| CVE-1999-0154 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL. | ||||
| CVE-2000-1147 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | N/A |
| Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers to execute arbitrary commands via a long string to the "LANGUAGE" argument in a script tag. | ||||
| CVE-1999-0739 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | N/A |
| The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. | ||||
| CVE-1999-0777 | 1 Microsoft | 2 Commercial Internet System, Internet Information Server | 2026-04-16 | N/A |
| IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions. | ||||
| CVE-1999-0867 | 1 Microsoft | 3 Commercial Internet System, Internet Information Server, Site Server | 2026-04-16 | N/A |
| Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers. | ||||
| CVE-1999-0725 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | N/A |
| When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page". | ||||