Filtered by vendor Microsoft Subscriptions
Filtered by product Internet Information Server Subscriptions
Total 111 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-1999-0739 1 Microsoft 1 Internet Information Server 2025-04-03 N/A
The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
CVE-1999-0861 1 Microsoft 4 Commercial Internet System, Internet Information Server, Site Server and 1 more 2025-04-03 N/A
Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.
CVE-1999-0874 1 Microsoft 3 Internet Information Server, Windows 2000, Windows Nt 2025-04-03 N/A
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
CVE-1999-1011 1 Microsoft 4 Data Access Components, Index Server, Internet Information Server and 1 more 2025-04-03 N/A
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
CVE-1999-1478 1 Microsoft 1 Internet Information Server 2025-04-03 N/A
The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character.
CVE-1999-1538 1 Microsoft 1 Internet Information Server 2025-04-03 N/A
When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.
CVE-2000-0024 1 Microsoft 3 Internet Information Server, Site Server, Site Server Commerce 2025-04-03 N/A
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.
CVE-2000-0071 1 Microsoft 2 Internet Information Server, Internet Information Services 2025-04-03 N/A
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
CVE-2000-0246 1 Microsoft 6 Commercial Internet System, Internet Information Server, Internet Information Services and 3 more 2025-04-03 N/A
IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.
CVE-2000-0457 1 Microsoft 2 Internet Information Server, Internet Information Services 2025-04-03 N/A
ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability.
CVE-2000-0631 1 Microsoft 2 Internet Information Server, Internet Information Services 2025-04-03 N/A
An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote attackers to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability.
CVE-2000-0886 1 Microsoft 2 Internet Information Server, Internet Information Services 2025-04-03 N/A
IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.
CVE-1999-0278 1 Microsoft 2 Internet Information Server, Windows Nt 2025-04-03 N/A
In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.
CVE-2002-0072 1 Microsoft 2 Internet Information Server, Internet Information Services 2025-04-03 N/A
The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer.
CVE-2002-0364 1 Microsoft 2 Internet Information Server, Internet Information Services 2025-04-03 N/A
Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."
CVE-2002-1181 1 Microsoft 2 Internet Information Server, Internet Information Services 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors.
CVE-2002-1695 2 Microsoft, Symantec 3 Internet Information Server, Internet Information Services, Norton Internet Security 2025-04-03 N/A
Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running.
CVE-2006-0026 1 Microsoft 2 Internet Information Server, Internet Information Services 2025-04-03 N/A
Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).
CVE-2001-0336 1 Microsoft 1 Internet Information Server 2025-04-03 N/A
The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request.
CVE-1999-0348 1 Microsoft 1 Internet Information Server 2025-04-03 N/A
IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory.