Vulnerabilities > Microsoft > Internet Information Services > 5.0

DATE CVE VULNERABILITY TITLE RISK
2002-04-22 CVE-2002-0071 Buffer Overflow vulnerability in Microsoft products
Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.
network
low complexity
microsoft
7.5
2001-12-11 CVE-2001-1186 Unspecified vulnerability in Microsoft Internet Information Services 5.0
Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection.
network
low complexity
microsoft
5.0
2001-11-20 CVE-2001-0902 Unspecified vulnerability in Microsoft Internet Information Services 5.0
Microsoft IIS 5.0 allows remote attackers to spoof web log entries via an HTTP request that includes hex-encoded newline or form-feed characters.
network
low complexity
microsoft
7.5
2001-10-30 CVE-2001-0544 Denial of Service vulnerability in Microsoft Internet Information Services 5.0
IIS 5.0 allows local users to cause a denial of service (hang) via by installing content that produces a certain invalid MIME Content-Type header, which corrupts the File Type table.
local
low complexity
microsoft
2.1
2001-09-20 CVE-2001-0508 Unspecified vulnerability in Microsoft Internet Information Services 5.0
Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request.
network
low complexity
microsoft
5.0
2001-09-20 CVE-2001-0507 Unspecified vulnerability in Microsoft Internet Information Services 5.0
IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability.
local
low complexity
microsoft
7.2
2001-09-20 CVE-2001-0506 Buffer Overrun Privelege Elevation vulnerability in Microsoft products
Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability.
local
low complexity
microsoft
7.2
2001-07-04 CVE-2001-1243 Local DoS vulnerability in Microsoft products
Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.
network
low complexity
microsoft
5.0
2001-06-02 CVE-2001-0151 Unspecified vulnerability in Microsoft Internet Information Services 5.0
IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests.
network
low complexity
microsoft
5.0
2001-06-02 CVE-2001-0146 Invalid URL Request DoS vulnerability in Microsoft IIS
IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
network
low complexity
microsoft
5.0