National Vulnerability Database

Search Results

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:microsoft:internet_information_server:4.0:alpha
There are 97 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2002-0072

The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer.

Published: April 22, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0073

The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters.

Published: April 22, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0074

Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session.

Published: April 22, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0075

Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect ("302 Object Moved") message.

Published: April 22, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0079

Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.

Published: April 22, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0147

Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun."

Published: April 22, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0148

Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.

Published: April 22, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0149

Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.

Published: April 22, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0150

Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.

Published: April 22, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2001-0545

IIS 4.0 with URL redirection enabled allows remote attackers to cause a denial of service (crash) via a malformed request that specifies a length that is different than the actual length.

Published: October 30, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-0506

Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability.

Published: September 20, 2001; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2001-0709

Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode.

Published: September 20, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-1243

Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.

Published: July 04, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-0333

Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.

Published: June 27, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2001-0334

FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded.

Published: June 27, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-0335

FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters.

Published: June 27, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-0336

The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request.

Published: June 27, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-0337

The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier introduce a memory leak which allows attackers to cause a denial of service via a series of requests.

Published: June 27, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2000-1090

Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character.

Published: February 12, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-0004

IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability.

Published: February 12, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM