CVSS: 7.5EPSS: 72%CPEs: 2EXPL: 1CVE-2002-0148 – Microsoft IIS 4.0/5.0 - HTTP Error Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-0148
22 Apr 2002 — Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page. Vulnerabildad de secuencias de comandos en sitios cruzados (cross-site scripting) en Internet Information Server (IIS) 4.0, 5.0 y 5.1 permite a atacantes remotos ejecutar código arbitrario como otros usuarios mediatne una página de error HTTP. • https://www.exploit-db.com/exploits/21372 •
CVSS: 9.8EPSS: 49%CPEs: 2EXPL: 0CVE-2002-0149
https://notcve.org/view.php?id=CVE-2002-0149
22 Apr 2002 — Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names. Desbordamiento de buffer en las funciones de inclusión de ficheros en el servidor (server-side include) de ASP en IIS 4.0, 5.0 y 5.1 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante nombres de fichero largos. • http://www.cert.org/advisories/CA-2002-09.html •
CVSS: 9.8EPSS: 67%CPEs: 2EXPL: 0CVE-2002-0150
https://notcve.org/view.php?id=CVE-2002-0150
22 Apr 2002 — Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values. Desbordamiento de buffer en Internet Information Server (IIS) 4.0, 5.0 y 5.1 permite a atacantes remotos falsificar la comprobación de seguridad de cabeceras HTTP y causar una denegación de servicio o ejecutar código arbitrario mediante valores de campos de las cabeceras HTTP. • http://www.cert.org/advisories/CA-2002-09.html •
CVSS: 7.5EPSS: 25%CPEs: 1EXPL: 3CVE-2001-1186 – Microsoft IIS 5.0 - False Content-Length Field Denial of Service
https://notcve.org/view.php?id=CVE-2001-1186
11 Dec 2001 — Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection. • https://www.exploit-db.com/exploits/21177 •
CVSS: 7.5EPSS: 35%CPEs: 1EXPL: 0CVE-2001-0902
https://notcve.org/view.php?id=CVE-2001-0902
20 Nov 2001 — Microsoft IIS 5.0 allows remote attackers to spoof web log entries via an HTTP request that includes hex-encoded newline or form-feed characters. • http://marc.info/?l=bugtraq&m=100626531103946&w=2 •
CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0CVE-2001-0544
https://notcve.org/view.php?id=CVE-2001-0544
30 Oct 2001 — IIS 5.0 allows local users to cause a denial of service (hang) via by installing content that produces a certain invalid MIME Content-Type header, which corrupts the File Type table. • http://www.ciac.org/ciac/bulletins/l-132.shtml •
CVSS: 7.8EPSS: 80%CPEs: 2EXPL: 2CVE-2001-0506 – Microsoft IIS 4.0/5.0 - SSI Buffer Overrun Privilege Escalation
https://notcve.org/view.php?id=CVE-2001-0506
20 Sep 2001 — Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability. • https://www.exploit-db.com/exploits/21071 •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 1CVE-2001-0507 – Microsoft IIS 5.0 - In-Process Table Privilege Escalation
https://notcve.org/view.php?id=CVE-2001-0507
20 Sep 2001 — IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability. • https://www.exploit-db.com/exploits/21072 •
CVSS: 7.5EPSS: 44%CPEs: 1EXPL: 0CVE-2001-0508
https://notcve.org/view.php?id=CVE-2001-0508
20 Sep 2001 — Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request. • http://online.securityfocus.com/archive/1/182579 •
CVSS: 5.5EPSS: 25%CPEs: 2EXPL: 3CVE-2001-1243 – Microsoft IIS 4.0/5.0 - Device File Local Denial of Service
https://notcve.org/view.php?id=CVE-2001-1243
04 Jul 2001 — Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject. • https://www.exploit-db.com/exploits/20989 •