This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Summuary | |
|---|---|
| CPE Name | cpe:/a:microsoft:internet_information_server:5.0 |
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 1999-01-26 |
| Product | Internet Information Server | Last view | 2008-02-12 |
| Version | 5.0 | Type | Application |
| Edition | |||
| Language | |||
| Update | |||
| CPE Product | cpe:/a:microsoft:internet_information_server | ||
Activity : Yearly
Related : CVE
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| Date | Alert | Access Vector | Access Complexity | Authentification | ||
|---|---|---|---|---|---|---|
| 7.2 | 2008-02-12 | CVE-2008-0074 | Local | Low | None Requ... | |
| 4.4 | 2006-12-15 | CVE-2006-6579 | Local | Medium | None Requ... | |
| 6.5 | 2006-07-11 | CVE-2006-0026 | Network | Low | Requires ... | |
| 5 | 2005-08-23 | CVE-2005-2678 | Network | Low | None Requ... | |
| 4.3 | 2005-07-05 | CVE-2005-2089 | Network | Medium | None Requ... | |
| Date | Alert | Access Vector | Access Complexity | Authentification | ||
|---|---|---|---|---|---|---|
| 5 | 2004-11-03 | CVE-2003-0718 | Network | Low | None Requ... | |
| 5 | 2003-06-09 | CVE-2003-0226 | Network | Low | None Requ... | |
| 5 | 2003-06-09 | CVE-2003-0225 | Network | Low | None Requ... | |
| 10 | 2003-06-09 | CVE-2003-0224 | Network | Low | None Requ... | |
| 6.8 | 2003-06-09 | CVE-2003-0223 | Network | Medium | None Requ... | |
| 5 | 2002-12-31 | CVE-2002-1908 | Network | Low | None Requ... | |
| 5 | 2002-12-31 | CVE-2002-1790 | Network | Low | None Requ... | |
| 5 | 2002-12-31 | CVE-2002-1745 | Network | Low | None Requ... | |
| 5 | 2002-12-31 | CVE-2002-1744 | Network | Low | None Requ... | |
| 6.8 | 2002-12-31 | CVE-2002-1700 | Network | Medium | None Requ... | |
| 5 | 2002-12-31 | CVE-2002-1695 | Network | Low | None Requ... | |
| 5 | 2002-12-31 | CVE-2002-1694 | Network | Low | None Requ... | |
| 5 | 2002-11-12 | CVE-2002-1182 | Network | Low | None Requ... | |
| 6.8 | 2002-11-12 | CVE-2002-1181 | Network | Medium | None Requ... | |
| 7.5 | 2002-11-12 | CVE-2002-1180 | Network | Low | None Requ... | |
| 7.5 | 2002-11-12 | CVE-2002-0869 | Network | Low | None Requ... | |
| 7.5 | 2002-10-04 | CVE-2002-0862 | Network | Low | None Requ... | |
| 2.6 | 2002-08-12 | CVE-2002-0422 | Network | High | None Requ... | |
| 5 | 2002-08-12 | CVE-2002-0419 | Network | Low | None Requ... |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 75% (3) | CWE-200 | Information Exposure |
| 25% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
CAPEC : Common Attack Pattern Enumeration & Classificatio
| id | Name |
|---|---|
| CAPEC-19 | Embedding Scripts within Scripts |
| CAPEC-33 | HTTP Request Smuggling |
| CAPEC-38 | Leveraging/Manipulating Configuration File Search Paths |
| CAPEC-47 | Buffer Overflow via Parameter Expansion |
| CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic |
| id | Name |
|---|---|
| CAPEC-81 | Web Logs Tampering |
| CAPEC-100 | Overflow Buffers |
| CAPEC-105 | HTTP Request Splitting |
| CAPEC-123 | Buffer Attacks |
| CAPEC-198 | Cross-Site Scripting in Error Pages |
Oval Markup Language : Definitions
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:927 | IIS5.0 Specialized Header Vulnerability |
| oval:org.mitre.oval:def:44 | IIS Web Server Folder Traversal |
| oval:org.mitre.oval:def:191 | IIS Web Server File Request Parsing |
| oval:org.mitre.oval:def:90 | IIS Denial of Service via WebDAV |
| oval:org.mitre.oval:def:78 | Windows 2000 IIS Directory Traversal Command Execution (Test 1) |
| id | Name |
|---|---|
| oval:org.mitre.oval:def:37 | Windows NT IIS Directory Traversal Command Execution (Test 1) |
| oval:org.mitre.oval:def:1051 | Windows 2000 IIS Directory Traversal Command Execution (Test 2) |
| oval:org.mitre.oval:def:1018 | Windows NT IIS Directory Traversal Command Execution (Test 2) |
| oval:org.mitre.oval:def:912 | Windows 2000 IIS System File Listing Privilege Elevation Vulnerability |
| oval:org.mitre.oval:def:909 | Windows NT IIS System File Listing Privilege Elevation Vulnerability |
| oval:org.mitre.oval:def:45 | DEPRECATED: Windows NT HTR ISAPI Buffer Overflow |
| oval:org.mitre.oval:def:130 | DEPRECATED: Windows 2000 HTR ISAPI Buffer Overflow |
| oval:org.mitre.oval:def:12413 | Buffer overrun in HTR ISAPI extension |
| oval:org.mitre.oval:def:12315 | Access violation in URL error handling |
| oval:org.mitre.oval:def:35 | DEPRECATED: Windows 2000 IIS FTP Connection Status Request Denial of Service |
| oval:org.mitre.oval:def:24 | DEPRECATED: Windows NT IIS FTP Connection Status Request Denial of Service |
| oval:org.mitre.oval:def:12490 | Denial of service via FTP status request |
| oval:org.mitre.oval:def:46 | DEPRECATED: IIS Help File Search Cross-site Scripting |
| oval:org.mitre.oval:def:12356 | Cross-site Scripting in IIS Help File search facility |
| oval:org.mitre.oval:def:58 | DEPRECATED: Windows NT IIS HTTP Redirect Error Message Cross-site Scripting |
| oval:org.mitre.oval:def:210 | DEPRECATED: Windows 2000 IIS HTTP Redirect Error Message Cross-site Scripting |
| oval:org.mitre.oval:def:12346 | Cross-site Scripting in Redirect Response message |
| oval:org.mitre.oval:def:25 | DEPRECATED: Windows 2000 IIS Chunked Encoding Buffer Overflow |
| oval:org.mitre.oval:def:16 | DEPRECATED: Windows NT IIS Chunked Encoding Buffer Overflow |
| oval:org.mitre.oval:def:12501 | Buffer overrun in Chunked Encoding mechanism |
Open Source Vulnerability Database (OSVDB)
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| id | Description |
|---|---|
| 59892 | Microsoft IIS Malformed Host Header Remote DoS |
| 59621 | Microsoft IIS CodeBrws.asp Off-By-One File Check Bypass Source Disclosure |
| 59561 | Microsoft IIS CodeBrws.asp Encoded Traversal Arbitrary File Source Disclosure |
| 43451 | Microsoft IIS HTTP Request Smuggling |
| 41456 | Microsoft IIS File Change Handling Local Privilege Escalation |
| id | Description |
|---|---|
| 35962 | Microsoft Windows XP Registry QHEADLES Permission Weakness |
| 28260 | Microsoft IIS FrontPage Server Extensions (FPSE) shtml.exe Path Disclosure |
| 27152 | Microsoft Windows IIS ASP Page Processing Overflow |
| 27087 | Microsoft IIS SMTP Encapsulated SMTP Address Open Relay |
| 21557 | ColdFusion MX Error Message XSS |
| 21537 | Microsoft IIS Log File Permission Weakness Remote Modification |
| 18926 | Microsoft IIS SERVER_NAME Variable Spoofing Filter Bypass |
| 17124 | Microsoft IIS Malformed WebDAV Request DoS |
| 17123 | Microsoft IIS Multiple Unspecified Admin Pages XSS |
| 17122 | Microsoft IIS Permission Weakness .COM File Upload |
| 14229 | Microsoft IIS asp.dll Scripting.FileSystemObject Malformed Program DoS |
| 13985 | Microsoft IIS Malformed HTTP Request Log Entry Spoofing |
| 13761 | Microsoft Exchange 2000 Malformed URL Request DoS |
| 13760 | Microsoft IIS Malformed URL Request DoS |
| 13478 | Microsoft MS01-014 / MS01-016 Patch Memory Leak DoS |
| 13439 | Microsoft IIS HTTP Request Malformed Content-Length DoS |
| 13434 | Microsoft Windows Distributed Transaction Coordinator (DTC) Malformed Input DoS |
| 13433 | Microsoft IIS WebDAV MKCOL Method Location Server Header Internal IP Disclosure |
| 13432 | Microsoft IIS WebDAV WRITE Location Server Header Internal IP Disclosure |
| 13431 | Microsoft IIS WebDAV Malformed PROPFIND Request Internal IP Disclosure |
Metasploit Exploits
| id | Description |
|---|---|
| 2001-05-15 | Microsoft IIS/PWS CGI Filename Double Decode Command Execution |
