Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microsoft internet information services 4.0 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-1999-0450
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).
Microsoft Internet Information Server 3.0
Microsoft Internet Information Services 5.0
Microsoft Internet Information Services 2.0
Microsoft Internet Information Server 4.0
1 EDB exploit
2.6
CVSSv2
CVE-2000-0649
IIS 4.0 allows remote malicious users to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
Microsoft Internet Information Services 2.0
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
1 EDB exploit
1 Metasploit module
7 Github repositories
4.4
CVSSv2
CVE-2006-6579
Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read acc...
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
Microsoft Internet Information Server
Microsoft Internet Information Services 1.0
Microsoft Internet Information Services 2.0
5
CVSSv2
CVE-2000-0258
IIS 4.0 and 5.0 allows remote malicious users to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
6.8
CVSSv2
CVE-2002-1181
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 up to and including 5.1 allow remote malicious users to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual...
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
7.5
CVSSv2
CVE-2000-0886
IIS 5.0 allows remote malicious users to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
1 EDB exploit
7.5
CVSSv2
CVE-2000-0970
IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote malicious users to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerab...
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
5
CVSSv2
CVE-2002-1694
Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote malicious users to modify the log file contents while IIS is running.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
5
CVSSv2
CVE-2000-0408
IIS 4.05 and 5.0 allow remote malicious users to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulnerability.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
1 EDB exploit
5
CVSSv2
CVE-2001-0096
FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote malicious users to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »