Vulnerabilities > Microsoft > Internet Information Services > Medium

DATE CVE VULNERABILITY TITLE RISK
2002-12-31 CVE-2002-1700 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message.
4.3
2002-12-31 CVE-2002-1695
Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running.
network
low complexity
microsoft symantec
5.0
2002-12-31 CVE-2002-1694 Unspecified vulnerability in Microsoft products
Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running.
network
low complexity
microsoft
5.0
2002-11-12 CVE-2002-1182 Unspecified vulnerability in Microsoft Internet Information Services 5.0
IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned.
network
low complexity
microsoft
5.0
2002-11-12 CVE-2002-1181 Unspecified vulnerability in Microsoft products
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors.
network
microsoft
6.8
2002-08-12 CVE-2002-0419 Information Exposure vulnerability in Microsoft products
Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request.
network
low complexity
microsoft CWE-200
5.0
2002-05-16 CVE-2002-0224 Denial of Service vulnerability in Microsoft products
The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
network
low complexity
microsoft
5.0
2002-04-22 CVE-2002-0073 Unspecified vulnerability in Microsoft products
The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters.
network
low complexity
microsoft
5.0
2002-04-22 CVE-2002-0072 Unspecified vulnerability in Microsoft products
The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer.
network
low complexity
microsoft
5.0
2001-12-11 CVE-2001-1186 Unspecified vulnerability in Microsoft Internet Information Services 5.0
Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection.
network
low complexity
microsoft
5.0