CVSS: 5.0EPSS: 94%CPEs: 2EXPL: 1CVE-2003-0718 – Microsoft IIS - WebDAV XML Denial of Service (MS04-030)
https://notcve.org/view.php?id=CVE-2003-0718
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes. El Manejador de Mensajes WebDAV de Internet Information Server (IIS) 5.0, 5.1, y 6.0 permite a atacantes remotos causar una denegación de servicio (consumición de memoria y CPU), caída de aplicación mediante un mensaje XML conteniendo elementos XML con un gran número de atributos. • https://www.exploit-db.com/exploits/585 http://marc.info/?l=bugtraq&m=109762641822064&w=2 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-030 https://exchange.xforce.ibmcloud.com/vulnerabilities/17645 https://exchange.xforce.ibmcloud.com/vulnerabilities/17656 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1330 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1427 https://oval.cisecurity.org/repos •
CVSS: 6.8EPSS: 5%CPEs: 2EXPL: 0CVE-2003-0223
https://notcve.org/view.php?id=CVE-2003-0223
Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message. Vulnerabilidad de secuencias de comandos en sitios cruzados en la función ASP responsable de la redirección en el Microsoft Internet Information Server (IIS) 4.0, 5.0, y 5.1 permite que atacantes remotos embeban una URL que contiene script en un mensaje de redirección. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A66 •
CVSS: 5.0EPSS: 75%CPEs: 2EXPL: 0CVE-2003-0225
https://notcve.org/view.php?id=CVE-2003-0225
The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page. La función ASP Response.AddHeader en Microsoft Internet Information Server (IIS) 4.0 y 5.0 no limita peticiones de memoria cuando se construyen los encabezamientos, lo que permite que atacantes remotos generen un encabezamiento largo que causa una denegación de servicio (agotamiento de memoria) con una página ASP. • http://marc.info/?l=ntbugtraq&m=105110606122772&w=2 http://www.aqtronix.com/Advisories/AQ-2003-01.txt https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A373 •
CVSS: 5.0EPSS: 1%CPEs: 5EXPL: 2CVE-2002-1790 – Microsoft IIS 4.0/5.0 - SMTP Service Encapsulated SMTP Address (MS99-027)
https://notcve.org/view.php?id=CVE-2002-1790
The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682. • https://www.exploit-db.com/exploits/21613 http://online.securityfocus.com/archive/1/281914 http://www.iss.net/security_center/static/9580.php http://www.securityfocus.com/bid/5213 •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2002-1694
https://notcve.org/view.php?id=CVE-2002-1694
Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running. • http://online.securityfocus.com/archive/1/250591 http://www.securityfocus.com/bid/3888 https://exchange.xforce.ibmcloud.com/vulnerabilities/7919 •