Page 2 of 46 results (0.007 seconds)

CVSS: 6.8EPSS: 5%CPEs: 2EXPL: 0

Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message. Vulnerabilidad de secuencias de comandos en sitios cruzados en la función ASP responsable de la redirección en el Microsoft Internet Information Server (IIS) 4.0, 5.0, y 5.1 permite que atacantes remotos embeban una URL que contiene script en un mensaje de redirección. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A66 •

CVSS: 5.0EPSS: 75%CPEs: 2EXPL: 0

The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page. La función ASP Response.AddHeader en Microsoft Internet Information Server (IIS) 4.0 y 5.0 no limita peticiones de memoria cuando se construyen los encabezamientos, lo que permite que atacantes remotos generen un encabezamiento largo que causa una denegación de servicio (agotamiento de memoria) con una página ASP. • http://marc.info/?l=ntbugtraq&m=105110606122772&w=2 http://www.aqtronix.com/Advisories/AQ-2003-01.txt https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A373 •

CVSS: 5.0EPSS: 1%CPEs: 5EXPL: 2

The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682. • https://www.exploit-db.com/exploits/21613 http://online.securityfocus.com/archive/1/281914 http://www.iss.net/security_center/static/9580.php http://www.securityfocus.com/bid/5213 •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running. • http://online.securityfocus.com/archive/1/250591 http://www.securityfocus.com/bid/3888 https://exchange.xforce.ibmcloud.com/vulnerabilities/7919 •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running. • http://online.securityfocus.com/archive/1/250591 http://www.securityfocus.com/bid/3888 https://exchange.xforce.ibmcloud.com/vulnerabilities/7919 •