cpe:2.3:a:microsoft:internet_information_server:6.0:beta:*:*:*:*:*:*

CVE-2017-7269

Known exploited
Public exploit
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
Max CVSS
10.0
EPSS Score
97.12%
Published
2017-03-27
Updated
2019-07-03
CISA KEV Added
2021-11-03

CVE-2010-1899

Public exploit
Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."
Max CVSS
4.3
EPSS Score
96.96%
Published
2010-09-15
Updated
2021-02-05
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."
Max CVSS
8.5
EPSS Score
8.88%
Published
2010-06-08
Updated
2023-12-07

CVE-2009-3023

Public exploit
Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability."
Max CVSS
9.0
EPSS Score
96.97%
Published
2009-08-31
Updated
2021-02-05
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.
Max CVSS
10.0
EPSS Score
60.70%
Published
2008-02-12
Updated
2020-11-23
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.
Max CVSS
7.2
EPSS Score
0.04%
Published
2008-02-12
Updated
2021-02-05
Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a blacklist for DOS device requests.
Max CVSS
7.5
EPSS Score
86.74%
Published
2007-05-30
Updated
2017-07-29
Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).
Max CVSS
6.5
EPSS Score
96.30%
Published
2006-07-11
Updated
2020-11-23
Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.
Max CVSS
5.0
EPSS Score
16.12%
Published
2005-08-23
Updated
2020-11-23
Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
Max CVSS
2.6
EPSS Score
0.43%
Published
2010-02-05
Updated
2019-07-03
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.
Max CVSS
5.0
EPSS Score
94.65%
Published
2004-11-03
Updated
2020-11-23

CVE-2001-0500

Public exploit
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.
Max CVSS
10.0
EPSS Score
96.73%
Published
2001-07-21
Updated
2018-10-12
12 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!