Vulnerabilities > Microsoft > Internet Information Services
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-04-22 | CVE-2002-0072 | Unspecified vulnerability in Microsoft products The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer. | 5.0 |
| 2002-04-22 | CVE-2002-0071 | Buffer Overflow vulnerability in Microsoft products Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names. | 7.5 |
| 2001-12-11 | CVE-2001-1186 | Unspecified vulnerability in Microsoft Internet Information Services 5.0 Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection. | 5.0 |
| 2001-11-20 | CVE-2001-0902 | Unspecified vulnerability in Microsoft Internet Information Services 5.0 Microsoft IIS 5.0 allows remote attackers to spoof web log entries via an HTTP request that includes hex-encoded newline or form-feed characters. | 7.5 |
| 2001-10-30 | CVE-2001-0544 | Denial of Service vulnerability in Microsoft Internet Information Services 5.0 IIS 5.0 allows local users to cause a denial of service (hang) via by installing content that produces a certain invalid MIME Content-Type header, which corrupts the File Type table. | 2.1 |
| 2001-09-20 | CVE-2001-0508 | Unspecified vulnerability in Microsoft Internet Information Services 5.0 Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request. | 5.0 |
| 2001-09-20 | CVE-2001-0507 | Unspecified vulnerability in Microsoft Internet Information Services 5.0 IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability. | 7.2 |
| 2001-09-20 | CVE-2001-0506 | Buffer Overrun Privelege Elevation vulnerability in Microsoft products Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability. | 7.2 |
| 2001-07-04 | CVE-2001-1243 | Local DoS vulnerability in Microsoft products Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject. | 5.0 |
| 2001-06-02 | CVE-2001-0151 | Unspecified vulnerability in Microsoft Internet Information Services 5.0 IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests. | 5.0 |