CVSS: 6.5EPSS: 96%CPEs: 2EXPL: 1CVE-2006-0026 – Microsoft IIS - ASP Stack Overflow (MS06-034)
https://notcve.org/view.php?id=CVE-2006-0026
Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP). Desbordamiento de búfer en Microsoft Internet Information Services (IIS) 5.0, 5.1, y 6.0 permite localmente y posiblemente a atacantes remotos ejecutar código de su elección a través de Active Server Pages (ASP) manipuladas. • https://www.exploit-db.com/exploits/2056 http://archives.neohapsis.com/archives/bugtraq/2006-07/0316.html http://secunia.com/advisories/21006 http://securitytracker.com/id?1016466 http://www.kb.cert.org/vuls/id/395588 http://www.osvdb.org/27152 http://www.securityfocus.com/bid/18858 http://www.us-cert.gov/cas/techalerts/TA06-192A.html http://www.vupen.com/english/advisories/2006/2752 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-034 •
CVSS: 5.0EPSS: 12%CPEs: 2EXPL: 0CVE-2005-2678
https://notcve.org/view.php?id=CVE-2005-2678
Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost. • http://ingehenriksen.blogspot.com/2005/08/remote-iis-5x-and-iis-60-server-name.html http://marc.info/?l=bugtraq&m=112474727903399&w=2 http://secunia.com/advisories/16548 http://www.vupen.com/english/advisories/2005/1503 •
CVSS: 4.3EPSS: 39%CPEs: 2EXPL: 0CVE-2005-2089
https://notcve.org/view.php?id=CVE-2005-2089
Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." • http://seclists.org/lists/bugtraq/2005/Jun/0025.html http://www.securiteam.com/securityreviews/5GP0220G0U.html http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/42899 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 5.0EPSS: 94%CPEs: 2EXPL: 1CVE-2003-0718 – Microsoft IIS - WebDAV XML Denial of Service (MS04-030)
https://notcve.org/view.php?id=CVE-2003-0718
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes. El Manejador de Mensajes WebDAV de Internet Information Server (IIS) 5.0, 5.1, y 6.0 permite a atacantes remotos causar una denegación de servicio (consumición de memoria y CPU), caída de aplicación mediante un mensaje XML conteniendo elementos XML con un gran número de atributos. • https://www.exploit-db.com/exploits/585 http://marc.info/?l=bugtraq&m=109762641822064&w=2 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-030 https://exchange.xforce.ibmcloud.com/vulnerabilities/17645 https://exchange.xforce.ibmcloud.com/vulnerabilities/17656 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1330 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1427 https://oval.cisecurity.org/repos •
CVSS: 5.0EPSS: 6%CPEs: 1EXPL: 2CVE-2003-0226 – Microsoft IIS 5.0 < 5.1 - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2003-0226
Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled. Microsoft Internet Information Services (IIS) 5.0 y 5.1 permite que atacantes remotos provoquen una denegación de servicio vía una petición WebDav muy larga con los métodos PROPFIND o SEARCH, lo que genera una condición de error que no se está manejando apropiadamente. • https://www.exploit-db.com/exploits/35 https://www.exploit-db.com/exploits/22670 http://archives.neohapsis.com/archives/bugtraq/2003-05/0308.html http://marc.info/?l=bugtraq&m=105427362724860&w=2 http://marc.info/?l=ntbugtraq&m=105421243732552&w=2 http://www.spidynamics.com/iis_alert.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A933 •