microsoft internet information services 5.0 vulnerabilities and exploits

(subscribe to this query)

Microsoft IIS 5.0 and 6.0 allows remote malicious users to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to inco...

Microsoft Internet Information Services 5.0 Microsoft Internet Information Services 6.0

CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote malicious users to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header.

Microsoft Internet Information Services 4.0 Microsoft Internet Information Services 5.0

Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a ; (semicolon) character to determine the file extension, which allows remote malicious users to bypass intended extension restrictions of third-party upload applications via a f...

Microsoft Internet Information Services 5.0 Microsoft Internet Information Services 6.0

In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).

Microsoft Internet Information Server 3.0 Microsoft Internet Information Server 4.0 Microsoft Internet Information Services 2.0 Microsoft Internet Information Services 5.0

1 EDB exploit

IIS 4.0 allows remote malicious users to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.

Microsoft Internet Information Server 3.0 Microsoft Internet Information Server 4.0 Microsoft Internet Information Services 2.0 Microsoft Internet Information Services 5.0

1 EDB exploit1 Metasploit module8 Github repositories

Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote malicious users to modify the log file contents while IIS is running.

Microsoft Internet Information Server 4.0 Microsoft Internet Information Services 5.0

Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 up to and including 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.

Microsoft Internet Information Server 6.0 Microsoft Internet Information Services 5.0

Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote malicious users to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injectin...

Microsoft Internet Information Server 4.0 Microsoft Internet Information Services 5.0

2 EDB exploits

Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote malicious users to execute arbitrary code via crafted Active Server Pages (ASP).

Microsoft Internet Information Server 6.0 Microsoft Internet Information Services 5.0

1 EDB exploit

The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote malicious users to generate a large header to cause a denial of service (memory consumption) with an ASP pag...

Microsoft Internet Information Server 4.0 Microsoft Internet Information Services 5.0

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook