CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 5CVE-2011-5279
https://notcve.org/view.php?id=CVE-2011-5279
23 Apr 2014 — CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header. Vulnerabilidad de inyección CRLF en la implementación CGI en Microsoft Internet Information Services (IIS) 4.x y 5.x en Windows NT y Windows 2000 permite a atacantes remotos modificar variables de entorno en mayúsculas a través de una caract... • http://hi.baidu.com/yuange1975/item/b2cc7141c22108e91e19bc2e •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2009-4445
https://notcve.org/view.php?id=CVE-2009-4445
29 Dec 2009 — Microsoft Internet Information Services (IIS), when used in conjunction with unspecified third-party upload applications, allows remote attackers to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : (colon) and a safe extension, as demonstrated by an upload of a .asp:.jpg file that results in creation of an empty .asp file, related to support for the NTFS Alternate Data Streams (ADS) filename syntax. NOTE: it could be argued that this is a vulnerabil... • http://securitytracker.com/id?1023387 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 92%CPEs: 2EXPL: 0CVE-2009-4444
https://notcve.org/view.php?id=CVE-2009-4444
29 Dec 2009 — Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a ; (semicolon) character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a (1) .asp, (2) .cer, or (3) .asa first extension, followed by a semicolon and a safe extension, as demonstrated by the use of asp.dll to handle a .asp;.jpg file. Microsoft Internet Information Services (IIS) 5.x y 6.x usa só... • http://blogs.technet.com/msrc/archive/2009/12/27/new-reports-of-a-vulnerability-in-iis.aspx •
CVSS: 6.5EPSS: 93%CPEs: 1EXPL: 3CVE-2009-2521 – Microsoft IIS 5.0/6.0 FTP Server - Stack Exhaustion Denial of Service
https://notcve.org/view.php?id=CVE-2009-2521
04 Sep 2009 — Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka "IIS FTP Service DoS Vulnerability." Una vulnerabilidad de consumo de pila en el Servicio FTP en Internet Information Services (IIS) de Microsoft versiones 5.0 hasta 7.0, permite a los usuarios autenticado... • https://packetstorm.news/files/id/180573 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.1EPSS: 16%CPEs: 2EXPL: 3CVE-2009-1122 – Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass
https://notcve.org/view.php?id=CVE-2009-1122
10 Jun 2009 — The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535. La extension WebDAV en Microsoft Internet Information Services (IIS) v5.0 on Windows 2000 SP4 no decodifica adecuadamente las URLs, lo que permite a atacantes remot... • https://packetstorm.news/files/id/181127 • CWE-287: Improper Authentication •
CVSS: 9.1EPSS: 69%CPEs: 8EXPL: 4CVE-2009-1535 – Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass
https://notcve.org/view.php?id=CVE-2009-1535
10 Jun 2009 — The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than... • https://packetstorm.news/files/id/181127 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 3CVE-2003-1567
https://notcve.org/view.php?id=CVE-2003-1567
15 Jan 2009 — The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE. El método no documentado TRACK en Microsoft Internet I... • http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 8%CPEs: 1EXPL: 4CVE-2003-1566 – Microsoft IIS 5.0 - Failure To Log Undocumented TRACK Requests
https://notcve.org/view.php?id=CVE-2003-1566
15 Jan 2009 — Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection. Microsoft Internet Information Services (IIS) v5.0 no registra las peticiones que usan el método TRACK, lo que permite a atacantes remotos obtener información sensible sin ser detectados. • https://www.exploit-db.com/exploits/23490 • CWE-16: Configuration •
CVSS: 9.0EPSS: 95%CPEs: 8EXPL: 0CVE-2008-1446
https://notcve.org/view.php?id=CVE-2008-1446
15 Oct 2008 — Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability." Desbordamiento de entero en la extensión Internet Printing P... • http://marc.info/?l=bugtraq&m=122479227205998&w=2 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2008-0074
https://notcve.org/view.php?id=CVE-2008-0074
12 Feb 2008 — Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders. Vulnerabilidad no especificada en Microsoft Internet Information Services (IIS) de 5.0 a 7.0. Permite a usuarios locales conseguir privilegios a través de vectores desconocidos relacionados a notificaciones de cambios de archivos en las carpetas TPRoot, NNTPFile\Root, or WWWR... • http://marc.info/?l=bugtraq&m=120361015026386&w=2 • CWE-264: Permissions, Privileges, and Access Controls •