Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 1999-05-12 |
| Product | Internet Information Server | Last view | 2013-05-22 |
| Version | Type | ||
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4.3 | 2013-05-22 | CVE-2013-0942 | Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 9 | 2009-08-31 | CVE-2009-3023 | Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability." |
| 10 | 2008-02-12 | CVE-2008-0075 | Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages. |
| 7.2 | 2008-02-12 | CVE-2008-0074 | Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders. |
| 7.8 | 2007-01-05 | CVE-2007-0087 | Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal |
| 4.4 | 2006-12-15 | CVE-2006-6579 | Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine. |
| 5 | 2002-12-31 | CVE-2002-1694 | Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running. |
| 5 | 2002-08-12 | CVE-2002-0419 | Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request. NOTE: this entry originally contained a vector (1) in which the server reveals whether it supports Basic or NTLM authentication through 401 Access Denied error messages. CVE has REJECTED this vector; it is not a vulnerability because the information is already available through legitimate use, since authentication cannot proceed without specifying a scheme that is supported by both the client and the server. |
| 5 | 2001-09-20 | CVE-2001-0709 | Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode. |
| 10 | 2001-07-21 | CVE-2001-0500 | Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red. |
| 5 | 2001-06-27 | CVE-2001-0337 | The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier introduce a memory leak which allows attackers to cause a denial of service via a series of requests. |
| 5 | 2001-06-27 | CVE-2001-0336 | The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request. |
| 5 | 2001-06-27 | CVE-2001-0335 | FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters. |
| 7.5 | 2001-06-27 | CVE-2001-0334 | FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded. |
| 7.5 | 2001-06-27 | CVE-2001-0333 | Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice. |
| 5 | 2001-02-12 | CVE-2000-1090 | Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character. |
| 5 | 2000-01-21 | CVE-2000-0115 | IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page. |
| 7.5 | 1999-12-31 | CVE-1999-1591 | Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0. |
| 5 | 1999-12-31 | CVE-1999-1148 | FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time. |
| 7.1 | 1999-08-19 | CVE-1999-0725 | When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page". |
| 5 | 1999-05-12 | CVE-1999-0229 | Denial of service in Windows NT IIS server using ..\.. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 14% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 14% (1) | CWE-200 | Information Exposure |
| 14% (1) | CWE-131 | Incorrect Calculation of Buffer Size |
| 14% (1) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 14% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 14% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 14% (1) | CWE-16 | Configuration |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-6 | Argument Injection |
| CAPEC-15 | Command Delimiters |
| CAPEC-19 | Embedding Scripts within Scripts |
| CAPEC-47 | Buffer Overflow via Parameter Expansion |
| CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic |
| CAPEC-79 | Using Slashes in Alternate Encoding |
| CAPEC-81 | Web Logs Tampering |
| CAPEC-100 | Overflow Buffers |
| CAPEC-123 | Buffer Attacks |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:78 | Windows 2000 IIS Directory Traversal Command Execution (Test 1) |
| oval:org.mitre.oval:def:37 | Windows NT IIS Directory Traversal Command Execution (Test 1) |
| oval:org.mitre.oval:def:1051 | Windows 2000 IIS Directory Traversal Command Execution (Test 2) |
| oval:org.mitre.oval:def:1018 | Windows NT IIS Directory Traversal Command Execution (Test 2) |
| oval:org.mitre.oval:def:197 | IIS ISAPI Extension Indexing Service Buffer Overflow (Code Red) |
| oval:org.mitre.oval:def:5389 | Internet Information Services Local Privilege Elevation Vulnerability |
| oval:org.mitre.oval:def:5308 | Internet Information Services Remote Code Execution Vulnerability |
| oval:org.mitre.oval:def:6080 | IIS FTP Service RCE and DoS Vulnerability |
SAINT Exploits
| Description | Link |
|---|---|
| IIS Double Decoding Directory Traversal | More info here |
| Microsoft IIS FTP Server NLST Command Remote Overflow | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 59360 | Microsoft IIS ASP Page Visual Basic Script Malformed Regex Parsing DoS |
| 57589 | Microsoft IIS FTP Server NLST Command Remote Overflow |
| 55269 | Microsoft IIS Traversal GET Request Remote DoS |
| 45583 | Microsoft IIS w/ Visual Interdev Unspecified Authentication Bypass |
| 41456 | Microsoft IIS File Change Handling Local Privilege Escalation |
| 41445 | Microsoft IIS ASP Web Page Input Unspecified Arbitrary Code Execution |
| 35962 | Microsoft Windows XP Registry QHEADLES Permission Weakness |
| 33457 | Microsoft IIS Crafted TCP Connection Range Header DoS |
| 21537 | Microsoft IIS Log File Permission Weakness Remote Modification |
| 13479 | Microsoft IIS for Far East Parsed Page Source Disclosure |
| 13478 | Microsoft MS01-014 / MS01-016 Patch Memory Leak DoS |
| 13473 | Microsoft IIS on FAT Partition Local ASP Source Disclosure |
| 13426 | Microsoft IIS NTLM Authentication Request Information Disclosure |
| 11452 | Microsoft IIS Double Byte Code Arbitrary Source Disclosure |
| 11157 | Microsoft IIS FTP Service PASV Connection Saturation DoS |
| 5693 | Microsoft MS00-060 Patch IIS Malformed Request DoS |
| 1826 | Microsoft IIS Domain Guest Account Disclosure |
| 1824 | Microsoft IIS FTP DoS |
| 568 | Microsoft IIS idq.dll IDA/IDQ ISAPI Remote Overflow |
| 556 | Microsoft IIS/PWS Encoded Filename Arbitrary Command Execution |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-05-22 | Name : Microsoft IIS GET Request Denial of Service Vulnerability File : nvt/secpod_ms_iis_get_request_dos_vuln.nasl |
| 2011-01-13 | Name : Microsoft Internet Information Services Privilege Elevation Vulnerability (94... File : nvt/gb_ms08-005.nasl |
| 2009-10-15 | Name : Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254) File : nvt/secpod_ms09-053.nasl |
| 2009-09-02 | Name : Microsoft IIS FTPd NLST stack overflow File : nvt/microsoft-iis-nlst-stack-overflow.nasl |
| 2005-11-03 | Name : CodeRed version X detection File : nvt/codered_x.nasl |
| 2005-11-03 | Name : IIS Remote Command Execution File : nvt/iis_decode_bug.nasl |
| 2005-11-03 | Name : IIS .IDA ISAPI filter applied File : nvt/iis_ida_isapi.nasl |
| 2005-11-03 | Name : IIS 5.0 WebDav Memory Leakage File : nvt/iis_webdav_lock_memory_leak.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2009-B-0052 | Microsoft FTP Service for Internet Information Services (IIS) Remote Code Exe... Severity: Category I - VMSKEY: V0021742 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Windows IIS directory traversal attempt RuleID : 974-community - Type : SERVER-IIS - Revision : 23 |
| 2014-01-10 | Microsoft Windows IIS directory traversal attempt RuleID : 974 - Type : SERVER-IIS - Revision : 23 |
| 2014-01-10 | multiple decode attempt RuleID : 970 - Type : WEB-IIS - Revision : 14 |
| 2014-01-10 | Microsoft NLST * dos attempt RuleID : 8481 - Type : PROTOCOL-FTP - Revision : 11 |
| 2014-01-10 | httpodbc.dll access - nimda RuleID : 3201 - Type : SERVER-IIS - Revision : 14 |
| 2014-01-10 | NLST overflow attempt RuleID : 2374-community - Type : PROTOCOL-FTP - Revision : 19 |
| 2014-01-10 | NLST overflow attempt RuleID : 2374 - Type : PROTOCOL-FTP - Revision : 19 |
| 2018-10-17 | Multiple Products FTP MKD buffer overflow attempt RuleID : 23055-community - Type : PROTOCOL-FTP - Revision : 10 |
| 2014-01-10 | Multiple Products FTP MKD buffer overflow attempt RuleID : 23055 - Type : PROTOCOL-FTP - Revision : 10 |
| 2014-01-10 | MKD overflow attempt RuleID : 1973-community - Type : PROTOCOL-FTP - Revision : 31 |
| 2014-01-10 | MKD overflow attempt RuleID : 1973 - Type : PROTOCOL-FTP - Revision : 31 |
| 2014-02-08 | (http_inspect)webrootdirectorytraversal RuleID : 18 - Type : - Revision : 2 |
| 2014-01-10 | Microsoft IIS ASP handling buffer overflow attempt RuleID : 15974 - Type : SERVER-IIS - Revision : 7 |
| 2014-01-10 | Microsoft IIS HTMLEncode Unicode string buffer overflow RuleID : 13922 - Type : SERVER-IIS - Revision : 11 |
| 2014-01-10 | Microsoft IIS HTMLEncode Unicode string buffer overflow RuleID : 13476 - Type : SERVER-IIS - Revision : 10 |
| 2014-01-10 | ISAPI .idq attempt RuleID : 1244-community - Type : SERVER-IIS - Revision : 29 |
| 2014-01-10 | ISAPI .idq attempt RuleID : 1244 - Type : SERVER-IIS - Revision : 29 |
| 2014-01-10 | ISAPI .ida attempt RuleID : 1243-community - Type : SERVER-IIS - Revision : 26 |
| 2014-01-10 | ISAPI .ida attempt RuleID : 1243 - Type : SERVER-IIS - Revision : 26 |
| 2019-01-15 | (http_inspect)directorytraversal RuleID : 11 - Type : - Revision : 2 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2009-10-13 | Name: The remote anonymous FTP server seems vulnerable to an arbitrary code executi... File: iis5_ftp_overflow.nasl - Type: ACT_DENIAL |
| 2009-10-13 | Name: The remote FTP server is affected by multiple vulnerabilities. File: smb_nt_ms09-053.nasl - Type: ACT_GATHER_INFO |
| 2008-02-12 | Name: A local user can elevate his privileges on the remote host. File: smb_nt_ms08-005.nasl - Type: ACT_GATHER_INFO |
| 2008-02-12 | Name: It is possible to use the remote web server to exploit arbitrary code on the ... File: smb_nt_ms08-006.nasl - Type: ACT_GATHER_INFO |
| 2003-10-08 | Name: The remote web server is affected by an information disclosure vulnerability. File: iis_auth_scheme.nasl - Type: ACT_GATHER_INFO |
| 2001-06-19 | Name: The remote web server is affected by multiple vulnerabilities. File: iis_isapi_overflow.nasl - Type: ACT_ATTACK |
| 2001-05-15 | Name: Arbitrary commands can be executed on the remote web server. File: iis_decode_bug.nasl - Type: ACT_GATHER_INFO |
| 1999-06-22 | Name: The remote web server is vulnerable to a Denial of Service attack File: iis_crash.nasl - Type: ACT_DENIAL |
