Vulnerabilities > Microsoft > Internet Information Services

DATE CVE VULNERABILITY TITLE RISK
2004-11-03 CVE-2003-0718 Unspecified vulnerability in Microsoft products
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.
network
low complexity
microsoft
5.0
2003-06-09 CVE-2003-0226 Unspecified vulnerability in Microsoft Internet Information Services 5.0
Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled.
network
low complexity
microsoft
5.0
2003-06-09 CVE-2003-0225 Unspecified vulnerability in Microsoft products
The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page.
network
low complexity
microsoft
5.0
2003-06-09 CVE-2003-0224 Unspecified vulnerability in Microsoft Internet Information Services 5.0
Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun."
network
low complexity
microsoft
critical
10.0
2003-06-09 CVE-2003-0223 Unspecified vulnerability in Microsoft products
Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message.
network
microsoft
6.8
2002-12-31 CVE-2002-1908 Unspecified vulnerability in Microsoft Internet Information Services 5.0
Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with a Host header that contains a large number of "/" (forward slash) characters.
network
low complexity
microsoft
5.0
2002-12-31 CVE-2002-1790 Unspecified vulnerability in Microsoft products
The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682.
network
low complexity
microsoft
5.0
2002-12-31 CVE-2002-1745 Off-by-one Error vulnerability in Microsoft Internet Information Services 5.0
Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files.
network
low complexity
microsoft CWE-193
7.5
2002-12-31 CVE-2002-1744 Unspecified vulnerability in Microsoft Internet Information Services 5.0
Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 allows remote attackers to view source code and determine the existence of arbitrary files via a hex-encoded "%c0%ae%c0%ae" string, which is the Unicode representation for ".." (dot dot).
network
low complexity
microsoft
5.0
2002-12-31 CVE-2002-1718 Information Exposure vulnerability in Microsoft Internet Information Services 5.1
Microsoft Internet Information Server (IIS) 5.1 may allow remote attackers to view the contents of a Frontpage Server Extension (FPSE) file, as claimed using an HTTP request for colegal.htm that contains ..
network
low complexity
microsoft CWE-200
5.0