Vulnerabilities > Microsoft > Internet Information Server > 6.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-27 | CVE-2017-7269 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Information Server 6.0 Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. | 9.8 |
| 2010-09-15 | CVE-2010-1899 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx 'ASP pages are prohibited by default on IIS 6.0. | 4.3 |
| 2010-02-05 | CVE-2003-1582 | Cross-Site Scripting vulnerability in Microsoft Internet Information Server 6.0 Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue. | 2.6 |
| 2008-02-12 | CVE-2008-0075 | Code Injection vulnerability in Microsoft Internet Information Server 6.0 Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages. | 10.0 |
| 2008-02-12 | CVE-2008-0074 | Permissions, Privileges, and Access Controls vulnerability in Microsoft products Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders. | 7.2 |
| 2007-05-30 | CVE-2007-2897 | Unspecified vulnerability in Microsoft Internet Information Server 6.0 Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a blacklist for DOS device requests. | 7.5 |
| 2007-03-16 | CVE-2007-1278 | Denial Of Service vulnerability in Adobe Coldfusion and Jrun Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root. | 4.3 |
| 2006-07-11 | CVE-2006-0026 | Unspecified vulnerability in Microsoft products Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP). | 6.5 |
| 2005-08-23 | CVE-2005-2678 | Unspecified vulnerability in Microsoft products Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost. | 5.0 |
| 2004-11-03 | CVE-2003-0718 | Unspecified vulnerability in Microsoft products The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes. | 5.0 |