CVSS: 8.4EPSS: 89%CPEs: 2EXPL: 1CVE-2006-0026 – Microsoft IIS - ASP Stack Overflow (MS06-034)
https://notcve.org/view.php?id=CVE-2006-0026
11 Jul 2006 — Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP). Desbordamiento de búfer en Microsoft Internet Information Services (IIS) 5.0, 5.1, y 6.0 permite localmente y posiblemente a atacantes remotos ejecutar código de su elección a través de Active Server Pages (ASP) manipuladas. • https://www.exploit-db.com/exploits/2056 •
CVSS: 7.5EPSS: 61%CPEs: 2EXPL: 0CVE-2005-2678
https://notcve.org/view.php?id=CVE-2005-2678
23 Aug 2005 — Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost. • http://ingehenriksen.blogspot.com/2005/08/remote-iis-5x-and-iis-60-server-name.html •
CVSS: 6.1EPSS: 54%CPEs: 2EXPL: 0CVE-2005-2089
https://notcve.org/view.php?id=CVE-2005-2089
30 Jun 2005 — Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." • http://seclists.org/lists/bugtraq/2005/Jun/0025.html • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 82%CPEs: 2EXPL: 1CVE-2003-0718 – Microsoft IIS - WebDAV XML Denial of Service (MS04-030)
https://notcve.org/view.php?id=CVE-2003-0718
16 Oct 2004 — The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes. El Manejador de Mensajes WebDAV de Internet Information Server (IIS) 5.0, 5.1, y 6.0 permite a atacantes remotos causar una denegación de servicio (consumición de memoria y CPU), caída de aplicación mediante un mensaje XML co... • https://www.exploit-db.com/exploits/585 •
CVSS: 6.8EPSS: 8%CPEs: 2EXPL: 0CVE-2003-0223
https://notcve.org/view.php?id=CVE-2003-0223
30 May 2003 — Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message. Vulnerabilidad de secuencias de comandos en sitios cruzados en la función ASP responsable de la redirección en el Microsoft Internet Information Server (IIS) 4.0, 5.0, y 5.1 permite que atacantes remotos embeban una URL que contiene script en un mensaje de redirección. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018 •
CVSS: 10.0EPSS: 13%CPEs: 1EXPL: 0CVE-2003-0224
https://notcve.org/view.php?id=CVE-2003-0224
30 May 2003 — Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun." Desbordamiento de búfer en la componente que sirve páginas web estáticas en Microsoft Internet Information Services (IIS) 5.0 permite que atacantes remotos ejecuten código arbitrario con permisos de nivel usuario mediante un página web SHTML. • http://marc.info/?l=ntbugtraq&m=105431767100944&w=2 •
CVSS: 7.5EPSS: 42%CPEs: 2EXPL: 0CVE-2003-0225
https://notcve.org/view.php?id=CVE-2003-0225
30 May 2003 — The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page. La función ASP Response.AddHeader en Microsoft Internet Information Server (IIS) 4.0 y 5.0 no limita peticiones de memoria cuando se construyen los encabezamientos, lo que permite que atacantes remotos generen un encabezamiento largo q... • http://marc.info/?l=ntbugtraq&m=105110606122772&w=2 •
CVSS: 7.5EPSS: 53%CPEs: 1EXPL: 2CVE-2003-0226 – Microsoft IIS 5.0 < 5.1 - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2003-0226
30 May 2003 — Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled. Microsoft Internet Information Services (IIS) 5.0 y 5.1 permite que atacantes remotos provoquen una denegación de servicio vía una petición WebDav muy larga con los métodos PROPFIND o SEARCH, lo que genera una condición de error que no se está manejando apropiadamente... • https://www.exploit-db.com/exploits/35 •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2002-1694
https://notcve.org/view.php?id=CVE-2002-1694
31 Dec 2002 — Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running. • http://online.securityfocus.com/archive/1/250591 •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2002-1695
https://notcve.org/view.php?id=CVE-2002-1695
31 Dec 2002 — Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running. • http://online.securityfocus.com/archive/1/250591 •