Vulnerabilities > Microsoft > Internet Information Services
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-12-31 | CVE-2002-1717 | Information Exposure vulnerability in Microsoft Internet Information Services 5.1 Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via a GET request to (1) /_vti_pvt/access.cnf, (2) /_vti_pvt/botinfs.cnf, (3) /_vti_pvt/bots.cnf, or (4) /_vti_pvt/linkinfo.cnf. | 5.0 |
| 2002-12-31 | CVE-2002-1700 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message. | 4.3 |
| 2002-12-31 | CVE-2002-1695 | Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running. | 5.0 |
| 2002-12-31 | CVE-2002-1694 | Unspecified vulnerability in Microsoft products Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running. | 5.0 |
| 2002-11-12 | CVE-2002-1182 | Unspecified vulnerability in Microsoft Internet Information Services 5.0 IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned. | 5.0 |
| 2002-11-12 | CVE-2002-1181 | Unspecified vulnerability in Microsoft products Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors. network microsoft | 6.8 |
| 2002-11-12 | CVE-2002-1180 | Unspecified vulnerability in Microsoft Internet Information Services 5.0 A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability." | 7.5 |
| 2002-11-12 | CVE-2002-0869 | Unspecified vulnerability in Microsoft products Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation." | 7.5 |
| 2002-08-12 | CVE-2002-0422 | Information Exposure vulnerability in Microsoft Internet Information Services 5.0 IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header. | 2.6 |
| 2002-08-12 | CVE-2002-0419 | Information Exposure vulnerability in Microsoft products Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request. | 5.0 |