CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft » Internet Information Server » 4.0 : Security Vulnerabilities (Overflow)

Cpe Name:cpe:/a:microsoft:internet_information_server:4.0
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2004-0205 Exec Code Overflow 2004-08-06 2018-10-12
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function.
2 CVE-2002-0364 Exec Code Overflow 2002-07-03 2018-10-30
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."
3 CVE-2002-0150 DoS Exec Code Overflow 2002-04-22 2018-10-30
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.
4 CVE-2002-0149 DoS Exec Code Overflow 2002-04-22 2018-10-30
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.
5 CVE-2002-0147 DoS Exec Code Overflow 2002-04-22 2018-10-30
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun."
6 CVE-2002-0079 DoS Exec Code Overflow 2002-04-22 2018-10-30
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.
7 CVE-2002-0071 DoS Exec Code Overflow 2002-04-22 2018-10-30
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.
8 CVE-2001-0506 Overflow +Priv 2001-09-20 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability.
9 CVE-2000-1147 Exec Code Overflow 2001-01-09 2017-12-18
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers to execute arbitrary commands via a long string to the "LANGUAGE" argument in a script tag.
10 CVE-2000-0226 DoS Overflow 2000-03-20 2018-10-12
5.0
None Remote Low Not required None None Partial
IIS 4.0 allows attackers to cause a denial of service by requesting a large buffer in a POST or PUT command which consumes memory, aka the "Chunked Transfer Encoding Buffer Overflow Vulnerability."
11 CVE-1999-1544 DoS Overflow 1999-01-24 2016-10-17
5.0
None Remote Low Not required None None Partial
Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command.
12 CVE-1999-1376 Exec Code Overflow 1999-01-14 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands.
13 CVE-1999-0874 119 DoS Overflow 1999-06-16 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
14 CVE-1999-0349 119 DoS Exec Code Overflow 1999-01-27 2018-10-12
7.5
User Remote Low Not required Partial Partial Partial
A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands.
Total number of vulnerabilities : 14   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.