Filtered by vendor Microsoft
Subscriptions
Filtered by product Internet Information Server
Subscriptions
Total
112 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2000-0304 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-08-08 | N/A |
Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability. | ||||
CVE-2000-0246 | 1 Microsoft | 6 Commercial Internet System, Internet Information Server, Internet Information Services and 3 more | 2024-08-08 | N/A |
IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. | ||||
CVE-2000-0258 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-08-08 | N/A |
IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability. | ||||
CVE-2000-0226 | 1 Microsoft | 1 Internet Information Server | 2024-08-08 | N/A |
IIS 4.0 allows attackers to cause a denial of service by requesting a large buffer in a POST or PUT command which consumes memory, aka the "Chunked Transfer Encoding Buffer Overflow Vulnerability." | ||||
CVE-2000-0126 | 1 Microsoft | 1 Internet Information Server | 2024-08-08 | N/A |
Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack. | ||||
CVE-2000-0167 | 1 Microsoft | 1 Internet Information Server | 2024-08-08 | N/A |
IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory. | ||||
CVE-2000-0115 | 1 Microsoft | 1 Internet Information Server | 2024-08-08 | N/A |
IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page. | ||||
CVE-2000-0071 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-08-08 | N/A |
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions. | ||||
CVE-2000-0114 | 1 Microsoft | 1 Internet Information Server | 2024-08-08 | N/A |
Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory. | ||||
CVE-2000-0024 | 1 Microsoft | 3 Internet Information Server, Site Server, Site Server Commerce | 2024-08-08 | N/A |
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability. | ||||
CVE-2000-0025 | 1 Microsoft | 3 Internet Information Server, Site Server, Site Server Commerce | 2024-08-08 | N/A |
IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability. | ||||
CVE-2001-1243 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-08-08 | N/A |
Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject. | ||||
CVE-2001-0709 | 1 Microsoft | 1 Internet Information Server | 2024-08-08 | N/A |
Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode. | ||||
CVE-2001-0545 | 1 Microsoft | 1 Internet Information Server | 2024-08-08 | N/A |
IIS 4.0 with URL redirection enabled allows remote attackers to cause a denial of service (crash) via a malformed request that specifies a length that is different than the actual length. | ||||
CVE-2001-0500 | 1 Microsoft | 3 Index Server, Indexing Service, Internet Information Server | 2024-08-08 | N/A |
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red. | ||||
CVE-2001-0506 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-08-08 | N/A |
Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability. | ||||
CVE-2001-0335 | 1 Microsoft | 1 Internet Information Server | 2024-08-08 | N/A |
FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters. | ||||
CVE-2001-0334 | 1 Microsoft | 1 Internet Information Server | 2024-08-08 | 7.5 High |
FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded. | ||||
CVE-2001-0336 | 1 Microsoft | 1 Internet Information Server | 2024-08-08 | N/A |
The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request. | ||||
CVE-2001-0333 | 1 Microsoft | 1 Internet Information Server | 2024-08-08 | N/A |
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice. |