Vulnerabilities > Microsoft > Internet Information Server > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2002-12-31 | CVE-2002-1790 | Unspecified vulnerability in Microsoft products The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682. | 5.0 |
2002-12-31 | CVE-2002-1695 | Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running. | 5.0 |
2002-12-31 | CVE-2002-1694 | Unspecified vulnerability in Microsoft products Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running. | 5.0 |
2002-11-12 | CVE-2002-1181 | Unspecified vulnerability in Microsoft products Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors. network microsoft | 6.8 |
2002-08-12 | CVE-2002-0419 | Information Exposure vulnerability in Microsoft products Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request. | 5.0 |
2002-04-22 | CVE-2002-0073 | Unspecified vulnerability in Microsoft products The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters. | 5.0 |
2002-04-22 | CVE-2002-0072 | Unspecified vulnerability in Microsoft products The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer. | 5.0 |
2001-10-30 | CVE-2001-0545 | Unspecified vulnerability in Microsoft Internet Information Server 4.0 IIS 4.0 with URL redirection enabled allows remote attackers to cause a denial of service (crash) via a malformed request that specifies a length that is different than the actual length. | 5.0 |
2001-09-20 | CVE-2001-0709 | Unspecified vulnerability in Microsoft Internet Information Server Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode. | 5.0 |
2001-07-04 | CVE-2001-1243 | Local DoS vulnerability in Microsoft products Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject. | 5.0 |