Vulnerabilities > Microsoft > Internet Information Server > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-05-22 | CVE-2013-0941 | Cryptographic Issues vulnerability in RSA products EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data. | 2.1 |
2010-02-05 | CVE-2003-1582 | Cross-Site Scripting vulnerability in Microsoft Internet Information Server 6.0 Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue. | 2.6 |
2000-07-13 | CVE-2000-0649 | Information Exposure vulnerability in Microsoft products IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined. | 2.6 |
2000-02-15 | CVE-2000-0167 | Unspecified vulnerability in Microsoft Internet Information Server 4.0 IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory. | 2.1 |
1999-01-14 | CVE-1999-1538 | Remote Web-Based Administration vulnerability in Microsoft Internet Information Server 4.0 When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password. | 2.1 |