Microsoft Internet Information Server
By the Year
In 2024 there have been 0 vulnerabilities in Microsoft Internet Information Server . Internet Information Server did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Internet Information Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Internet Information Server Security Vulnerabilities
Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5
CVE-2010-1899
- September 15, 2010
Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."Per: http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx 'ASP pages are prohibited by default on IIS 6.0. - The vulnerability is only exploitable when the ASP script writes parameters from the request in the response.'
Buffer Overflow
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0
CVE-2008-0074
- February 12, 2008
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.
Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header
CVE-2007-0087
- January 05, 2007
Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal
FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence
CVE-2001-0334
7.5 - High
- June 27, 2001
FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded.
Incorrect Calculation of Buffer Size
Frontpage Server Extensions
CVE-2000-0114
- February 02, 2000
Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.
Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a
CVE-2000-0126
- January 26, 2000
Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack.
IIS allows local users to cause a denial of service
CVE-2000-0115
- January 21, 2000
IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page.
IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a
CVE-1999-0154
- December 31, 1999
IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL.
Denial of service in Windows NT IIS server using
CVE-1999-0229
- May 12, 1999
Denial of service in Windows NT IIS server using ..\..
IIS 4.0 and Apache log HTTP request methods, regardless of how long they are
CVE-1999-0448
- January 01, 1999
IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
Some web servers under Microsoft Windows
CVE-1999-0012
- February 06, 1998
Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.
Denial of service in IIS using long URLs.
CVE-1999-0281
- June 01, 1997
Denial of service in IIS using long URLs.
IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a
CVE-1999-0253
- January 01, 1997
IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Internet Information Services or by Microsoft? Click the Watch button to subscribe.
