CVE-2002-0148 – Microsoft IIS 4.0/5.0 - HTTP Error Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-0148
Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page. Vulnerabildad de secuencias de comandos en sitios cruzados (cross-site scripting) en Internet Information Server (IIS) 4.0, 5.0 y 5.1 permite a atacantes remotos ejecutar código arbitrario como otros usuarios mediatne una página de error HTTP. • https://www.exploit-db.com/exploits/21372 http://www.cert.org/advisories/CA-2002-09.html http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml http://www.iss.net/security_center/static/8803.php http://www.kb.cert.org/vuls/id/886699 http://www.osvdb.org/3339 http://www.securityfocus.com/bid/4486 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg •
CVE-2002-0079 – Microsoft IIS 4.0/5.0 - Chunked Encoding Transfer Heap Overflow
https://notcve.org/view.php?id=CVE-2002-0079
Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code. Desbordamiento de buffer en el mecanismo de transferencia de codificación troceada (chunked encoding) en Active Server Pages (ASP) de Internet Information Server (IIS) 4.0 y 5.0, que permite a atacantes causar una denegación de servicio o ejecutar código arbitrario. • https://www.exploit-db.com/exploits/21369 https://www.exploit-db.com/exploits/21368 https://www.exploit-db.com/exploits/21370 https://www.exploit-db.com/exploits/21371 http://marc.info/?l=bugtraq&m=101846993304518&w=2 http://www.cert.org/advisories/CA-2002-09.html http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml http://www.iss.net/security_center/static/8795.php http://www.kb.cert.org/vuls/id/610291 http://www.securityfocus •
CVE-2001-1186 – Microsoft IIS 5.0 - False Content-Length Field Denial of Service
https://notcve.org/view.php?id=CVE-2001-1186
Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection. • https://www.exploit-db.com/exploits/21177 http://online.securityfocus.com/archive/1/244931 http://online.securityfocus.com/archive/1/245100 http://www.iss.net/security_center/static/7691.php http://www.securityfocus.com/archive/1/244892 http://www.securityfocus.com/bid/3667 •
CVE-2001-0902
https://notcve.org/view.php?id=CVE-2001-0902
Microsoft IIS 5.0 allows remote attackers to spoof web log entries via an HTTP request that includes hex-encoded newline or form-feed characters. • http://marc.info/?l=bugtraq&m=100626531103946&w=2 http://marc.info/?l=ntbugtraq&m=100627497122247&w=2 http://www.securityfocus.com/bid/6795 https://exchange.xforce.ibmcloud.com/vulnerabilities/7613 •
CVE-2001-0544
https://notcve.org/view.php?id=CVE-2001-0544
IIS 5.0 allows local users to cause a denial of service (hang) via by installing content that produces a certain invalid MIME Content-Type header, which corrupts the File Type table. • http://www.ciac.org/ciac/bulletins/l-132.shtml http://www.securityfocus.com/bid/3195 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-044 https://exchange.xforce.ibmcloud.com/vulnerabilities/6983 •