Vulnerabilities > Microsoft > Internet Information Services > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2001-09-20 | CVE-2001-0508 | Unspecified vulnerability in Microsoft Internet Information Services 5.0 Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request. | 5.0 |
2001-07-04 | CVE-2001-1243 | Local DoS vulnerability in Microsoft products Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject. | 5.0 |
2001-06-02 | CVE-2001-0151 | Unspecified vulnerability in Microsoft Internet Information Services 5.0 IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests. | 5.0 |
2001-06-02 | CVE-2001-0146 | Invalid URL Request DoS vulnerability in Microsoft IIS IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's. | 5.0 |
2001-02-12 | CVE-2001-0096 | Unspecified vulnerability in Microsoft products FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability. | 5.0 |
2001-02-12 | CVE-2001-0004 | Unspecified vulnerability in Microsoft products IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability. | 5.0 |
2000-12-19 | CVE-2000-0951 | Unspecified vulnerability in Microsoft Internet Information Services 5.0 A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search. | 5.0 |
2000-10-20 | CVE-2000-0770 | Unspecified vulnerability in Microsoft products IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the "File Permission Canonicalization" vulnerability. | 6.4 |
2000-07-17 | CVE-2000-0630 | Unspecified vulnerability in Microsoft products IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability. | 5.0 |
2000-07-14 | CVE-2000-0631 | Unspecified vulnerability in Microsoft products An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote attackers to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability. | 5.0 |