Vulnerabilities > Microsoft > Internet Information Server > 3.0

DATE CVE VULNERABILITY TITLE RISK
2006-12-15 CVE-2006-6579 Unspecified vulnerability in Microsoft products
Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine.
local
microsoft
4.4
2001-09-20 CVE-2001-0709 Unspecified vulnerability in Microsoft Internet Information Server
Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode.
network
low complexity
microsoft
5.0
2001-06-27 CVE-2001-0337 Denial-Of-Service vulnerability in IIS Far East Edition
The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier introduce a memory leak which allows attackers to cause a denial of service via a series of requests.
network
low complexity
microsoft
5.0
2001-06-27 CVE-2001-0336 Denial-Of-Service vulnerability in IIS Far East Edition
The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request.
network
low complexity
microsoft
5.0
2001-06-27 CVE-2001-0335 Unspecified vulnerability in Microsoft Internet Information Server
FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters.
network
low complexity
microsoft
5.0
2001-06-27 CVE-2001-0334 Incorrect Calculation of Buffer Size vulnerability in Microsoft Internet Information Server
FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded.
network
low complexity
microsoft CWE-131
7.5
2001-06-27 CVE-2001-0333 Unspecified vulnerability in Microsoft Internet Information Server
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding ..
network
low complexity
microsoft
7.5
2000-07-14 CVE-2000-0631 Unspecified vulnerability in Microsoft products
An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote attackers to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability.
network
low complexity
microsoft
5.0
2000-07-13 CVE-2000-0649 Information Exposure vulnerability in Microsoft products
IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
network
high complexity
microsoft CWE-200
2.6
2000-02-02 CVE-2000-0114 Unspecified vulnerability in Microsoft Internet Information Server 3.0/4.0
Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.
network
low complexity
microsoft
5.0