Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microsoft internet information server 5.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2000-0071
IIS 4.0 allows a remote malicious user to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 3.0
NA
CVE-2000-0631
An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote malicious users to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability.
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
NA
CVE-2000-1090
Microsoft IIS for Far East editions 4.0 and 5.0 allows remote malicious users to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Server 5.0
NA
CVE-1999-0450
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).
Microsoft Internet Information Server 3.0
Microsoft Internet Information Services 5.0
Microsoft Internet Information Services 2.0
Microsoft Internet Information Server 4.0
1 EDB exploit
NA
CVE-2000-0649
IIS 4.0 allows remote malicious users to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
Microsoft Internet Information Services 2.0
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
1 EDB exploit
1 Metasploit module
7 Github repositories
NA
CVE-2001-1243
Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote malicious users to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injectin...
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
2 EDB exploits
NA
CVE-2003-0718
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote malicious users to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of...
Microsoft Internet Information Server 6.0
Microsoft Internet Information Services 5.0
1 EDB exploit
NA
CVE-2000-0970
IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote malicious users to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerab...
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
NA
CVE-2002-1181
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 up to and including 5.1 allow remote malicious users to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual...
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
NA
CVE-2000-1104
Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. T...
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »