CVE-2006-6578
https://notcve.org/view.php?id=CVE-2006-6578
Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Machine account to execute non-EXE files such as .COM files, which allows attackers to execute arbitrary commands via arguments to any .COM file that executes those arguments, as demonstrated using win.com when it is in a web directory with certain permissions. Microsoft Internet Information Services (IIS) 5.1 permite a la cuenta IUSR_Machine ejecutar archivos no-EXE así como archivos .COM, lo cual permite a un atacante remoto ejecutar comandos de su elección a través de argumentos a cualquier archivo .COM que ejecute esos argumentos, como se demostró usando win.com cuando está en un directorio web con ciertos permisos. • http://securityreason.com/securityalert/2036 http://www.securityfocus.com/archive/1/454268/100/0/threaded •
CVE-2005-4360 – Microsoft IIS - HTTP Request Denial of Service
https://notcve.org/view.php?id=CVE-2005-4360
The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot). • https://www.exploit-db.com/exploits/1376 https://www.exploit-db.com/exploits/1377 http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll-url.html http://secunia.com/advisories/18106 http://securityreason.com/securityalert/271 http://securitytracker.com/alerts/2005/Dec/1015376.html http://www.osvdb.org/21805 http://www.securityfocus.com/archive/1/419707/100/0/threaded http://www.securityfocus. • CWE-252: Unchecked Return Value •
CVE-2005-2089
https://notcve.org/view.php?id=CVE-2005-2089
Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." • http://seclists.org/lists/bugtraq/2005/Jun/0025.html http://www.securiteam.com/securityreviews/5GP0220G0U.html http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/42899 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2002-1718
https://notcve.org/view.php?id=CVE-2002-1718
Microsoft Internet Information Server (IIS) 5.1 may allow remote attackers to view the contents of a Frontpage Server Extension (FPSE) file, as claimed using an HTTP request for colegal.htm that contains .. (dot dot) sequences. • http://online.securityfocus.com/archive/1/255555 http://online.securityfocus.com/archive/1/256125 http://www.securityfocus.com/bid/4084 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2002-1717
https://notcve.org/view.php?id=CVE-2002-1717
Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via a GET request to (1) /_vti_pvt/access.cnf, (2) /_vti_pvt/botinfs.cnf, (3) /_vti_pvt/bots.cnf, or (4) /_vti_pvt/linkinfo.cnf. • http://online.securityfocus.com/archive/1/255555 http://online.securityfocus.com/archive/1/256125 http://www.securityfocus.com/bid/4078 https://exchange.xforce.ibmcloud.com/vulnerabilities/8174 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •