This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Summuary
CPE Namecpe:/a:microsoft:internet_information_server:5.0
Detail
VendorMicrosoftFirst view 1999-01-26
ProductInternet Information ServerLast view 2008-02-12
Version5.0TypeApplication
Edition 
Language 
Update 
 
CPE Productcpe:/a:microsoft:internet_information_server

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
 DateAlertAccess VectorAccess ComplexityAuthentication
7.2 2008-02-12 CVE-2008-0074 Local Low None Requ...
4.4 2006-12-15 CVE-2006-6579 Local Medium None Requ...
6.5 2006-07-11 CVE-2006-0026 Network Low Requires ...
5 2005-08-23 CVE-2005-2678 Network Low None Requ...
4.3 2005-07-05 CVE-2005-2089 Network Medium None Requ...
Hide | Show 20 More...
 DateAlertAccess VectorAccess ComplexityAuthentication
5 2004-11-03 CVE-2003-0718 Network Low None Requ...
5 2003-06-09 CVE-2003-0226 Network Low None Requ...
5 2003-06-09 CVE-2003-0225 Network Low None Requ...
10 2003-06-09 CVE-2003-0224 Network Low None Requ...
6.8 2003-06-09 CVE-2003-0223 Network Medium None Requ...
5 2002-12-31 CVE-2002-1908 Network Low None Requ...
5 2002-12-31 CVE-2002-1790 Network Low None Requ...
5 2002-12-31 CVE-2002-1745 Network Low None Requ...
5 2002-12-31 CVE-2002-1744 Network Low None Requ...
4.3 2002-12-31 CVE-2002-1700 Network Medium None Requ...
5 2002-12-31 CVE-2002-1695 Network Low None Requ...
5 2002-12-31 CVE-2002-1694 Network Low None Requ...
5 2002-11-12 CVE-2002-1182 Network Low None Requ...
6.8 2002-11-12 CVE-2002-1181 Network Medium None Requ...
7.5 2002-11-12 CVE-2002-1180 Network Low None Requ...
7.5 2002-11-12 CVE-2002-0869 Network Low None Requ...
7.5 2002-10-04 CVE-2002-0862 Network Low None Requ...
2.6 2002-08-12 CVE-2002-0422 Network High None Requ...
5 2002-08-12 CVE-2002-0419 Network Low None Requ...

CWE : Common Weakness Enumeration

%idName
60% (3)CWE-200Information Exposure
20% (1)CWE-264Permissions, Privileges, and Access Controls
20% (1)CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting')

CAPEC : Common Attack Pattern Enumeration & Classification

idName
CAPEC-19Embedding Scripts within Scripts
CAPEC-33HTTP Request Smuggling
CAPEC-38Leveraging/Manipulating Configuration File Search Paths
CAPEC-47Buffer Overflow via Parameter Expansion
CAPEC-71Using Unicode Encoding to Bypass Validation Logic
Hide | Show 5 More...
idName
CAPEC-81Web Logs Tampering
CAPEC-100Overflow Buffers
CAPEC-105HTTP Request Splitting
CAPEC-123Buffer Attacks
CAPEC-198Cross-Site Scripting in Error Pages

Oval Markup Language : Definitions

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
OvalIDName
oval:org.mitre.oval:def:927IIS5.0 Specialized Header Vulnerability
oval:org.mitre.oval:def:44IIS Web Server Folder Traversal
oval:org.mitre.oval:def:191IIS Web Server File Request Parsing
oval:org.mitre.oval:def:90IIS Denial of Service via WebDAV
oval:org.mitre.oval:def:78Windows 2000 IIS Directory Traversal Command Execution (Test 1)
Hide | Show 20 More...
idName
oval:org.mitre.oval:def:37Windows NT IIS Directory Traversal Command Execution (Test 1)
oval:org.mitre.oval:def:1051Windows 2000 IIS Directory Traversal Command Execution (Test 2)
oval:org.mitre.oval:def:1018Windows NT IIS Directory Traversal Command Execution (Test 2)
oval:org.mitre.oval:def:912Windows 2000 IIS System File Listing Privilege Elevation Vulnerability
oval:org.mitre.oval:def:909Windows NT IIS System File Listing Privilege Elevation Vulnerability
oval:org.mitre.oval:def:45DEPRECATED: Windows NT HTR ISAPI Buffer Overflow
oval:org.mitre.oval:def:130DEPRECATED: Windows 2000 HTR ISAPI Buffer Overflow
oval:org.mitre.oval:def:12413Buffer overrun in HTR ISAPI extension
oval:org.mitre.oval:def:12315Access violation in URL error handling
oval:org.mitre.oval:def:35DEPRECATED: Windows 2000 IIS FTP Connection Status Request Denial of Service
oval:org.mitre.oval:def:24DEPRECATED: Windows NT IIS FTP Connection Status Request Denial of Service
oval:org.mitre.oval:def:12490Denial of service via FTP status request
oval:org.mitre.oval:def:46DEPRECATED: IIS Help File Search Cross-site Scripting
oval:org.mitre.oval:def:12356Cross-site Scripting in IIS Help File search facility
oval:org.mitre.oval:def:58DEPRECATED: Windows NT IIS HTTP Redirect Error Message Cross-site Scripting
oval:org.mitre.oval:def:210DEPRECATED: Windows 2000 IIS HTTP Redirect Error Message Cross-site Scripting
oval:org.mitre.oval:def:12346Cross-site Scripting in Redirect Response message
oval:org.mitre.oval:def:25DEPRECATED: Windows 2000 IIS Chunked Encoding Buffer Overflow
oval:org.mitre.oval:def:16DEPRECATED: Windows NT IIS Chunked Encoding Buffer Overflow
oval:org.mitre.oval:def:12501Buffer overrun in Chunked Encoding mechanism

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
idDescription
59892Microsoft IIS Malformed Host Header Remote DoS
59621Microsoft IIS CodeBrws.asp Off-By-One File Check Bypass Source Disclosure
59561Microsoft IIS CodeBrws.asp Encoded Traversal Arbitrary File Source Disclosure
43451Microsoft IIS HTTP Request Smuggling
41456Microsoft IIS File Change Handling Local Privilege Escalation
Hide | Show 20 More...
idDescription
35962Microsoft Windows XP Registry QHEADLES Permission Weakness
28260Microsoft IIS FrontPage Server Extensions (FPSE) shtml.exe Path Disclosure
27152Microsoft Windows IIS ASP Page Processing Overflow
27087Microsoft IIS SMTP Encapsulated SMTP Address Open Relay
21557ColdFusion MX Error Message XSS
21537Microsoft IIS Log File Permission Weakness Remote Modification
18926Microsoft IIS SERVER_NAME Variable Spoofing Filter Bypass
17124Microsoft IIS Malformed WebDAV Request DoS
17123Microsoft IIS Multiple Unspecified Admin Pages XSS
17122Microsoft IIS Permission Weakness .COM File Upload
14229Microsoft IIS asp.dll Scripting.FileSystemObject Malformed Program DoS
13985Microsoft IIS Malformed HTTP Request Log Entry Spoofing
13761Microsoft Exchange 2000 Malformed URL Request DoS
13760Microsoft IIS Malformed URL Request DoS
13478Microsoft MS01-014 / MS01-016 Patch Memory Leak DoS
13439Microsoft IIS HTTP Request Malformed Content-Length DoS
13434Microsoft Windows Distributed Transaction Coordinator (DTC) Malformed Input DoS
13433Microsoft IIS WebDAV MKCOL Method Location Server Header Internal IP Disclosure
13432Microsoft IIS WebDAV WRITE Location Server Header Internal IP Disclosure
13431Microsoft IIS WebDAV Malformed PROPFIND Request Internal IP Disclosure

Metasploit Exploits

idDescription
2001-05-15MS01-026 Microsoft IIS/PWS CGI Filename Double Decode Command Execution

OpenVAS Exploits

idDescription
2012-07-04Name : Microsoft IIS FTP Connection Status Request Denial of Service Vulnerability
File : nvt/gb_ms02-018_remote.nasl
2012-07-03Name : Microsoft IIS Malformed File Extension Denial of Service Vulnerability
File : nvt/gb_ms00-30_remote.nasl
2011-01-13Name : Microsoft Internet Information Services Privilege Elevation Vulnerability (94...
File : nvt/gb_ms08-005.nasl
2009-03-16Name : Microsoft MS00-078 security check
File : nvt/remote-MS00-078.nasl
2009-03-16Name : Microsoft MS03-018 security check
File : nvt/remote-MS03-018.nasl
Hide | Show 19 More...
idDescription
2009-03-15Name : Microsoft MS00-058 security check
File : nvt/remote-MS00-058.nasl
2009-03-08Name : Microsoft MS00-060 security check
File : nvt/remote-MS00-060.nasl
2005-11-03Name : Microsoft IIS UNC Mapped Virtual Host Vulnerability
File : nvt/iis_unc_mapped_virt_host_vuln.nasl
2005-11-03Name : IIS 5.0 WebDav Memory Leakage
File : nvt/iis_webdav_lock_memory_leak.nasl
2005-11-03Name : IIS XSS via 404 error
File : nvt/iis_xss_404.nasl
2005-11-03Name : ASP/ASA source using Microsoft Translate f: bug
File : nvt/translate_f.nasl
2005-11-03Name : Cumulative Patch for Internet Information Services (Q327696)
File : nvt/smb_nt_ms02-018.nasl
2005-11-03Name : Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)
File : nvt/smb_nt_ms02-050.nasl
2005-11-03Name : Flaw in Microsoft VM Could Allow Code Execution (810030)
File : nvt/smb_nt_ms02-052.nasl
2005-11-03Name : MSDTC denial of service by flooding with nul bytes
File : nvt/msdtc_dos.nasl
2005-11-03Name : IIS FrontPage DoS
File : nvt/IIS_frontpage_DOS_2.nasl
2005-11-03Name : Tests for Nimda Worm infected HTML files
File : nvt/nimda.nasl
2005-11-03Name : IIS IDA/IDQ Path Disclosure
File : nvt/iis_anything_idq.nasl
2005-11-03Name : IIS Remote Command Execution
File : nvt/iis_decode_bug.nasl
2005-11-03Name : IIS directory traversal
File : nvt/iis_dir_traversal.nasl
2005-11-03Name : Private IP address Leaked using the PROPFIND method
File : nvt/propfind_internal_ip.nasl
2005-11-03Name : Test Microsoft IIS Source Fragment Disclosure
File : nvt/iis_frag_disclosure.nasl
2005-11-03Name : Private IP address leaked in HTTP headers
File : nvt/iis_nat.nasl
2005-11-03Name : IIS 5.0 PROPFIND Vulnerability
File : nvt/iis_propfind2.nasl

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
DateDescription
2014-01-10ism.dll access
RuleID : 995-community - Type : SERVER-IIS - Revision : 26
2014-01-10ism.dll access
RuleID : 995 - Type : SERVER-IIS - Revision : 26
2014-01-10.htr access file download request
RuleID : 987-community - Type : FILE-IDENTIFY - Revision : 31
2014-01-10.htr access file download request
RuleID : 987 - Type : FILE-IDENTIFY - Revision : 31
2014-01-10unicode directory traversal attempt
RuleID : 983 - Type : WEB-IIS - Revision : 13
Hide | Show 20 More...
DateDescription
2014-01-10unicode directory traversal attempt
RuleID : 982 - Type : WEB-IIS - Revision : 13
2014-01-10unicode directory traversal attempt
RuleID : 981 - Type : WEB-IIS - Revision : 13
2014-01-10multiple decode attempt
RuleID : 970 - Type : WEB-IIS - Revision : 14
2014-01-10Microsoft Frontpage shtml.exe access
RuleID : 962-community - Type : SERVER-OTHER - Revision : 24
2014-01-10Microsoft Frontpage shtml.exe access
RuleID : 962 - Type : SERVER-OTHER - Revision : 24
2014-01-10Microsoft Frontpage shtml.dll access
RuleID : 940-community - Type : SERVER-OTHER - Revision : 28
2014-01-10Microsoft Frontpage shtml.dll access
RuleID : 940 - Type : SERVER-OTHER - Revision : 28
2014-01-10Microsoft Frontpage posting
RuleID : 939-community - Type : SERVER-OTHER - Revision : 22
2014-01-10Microsoft Frontpage posting
RuleID : 939 - Type : SERVER-OTHER - Revision : 22
2014-01-10Microsoft Frontpage _vti_rpc access
RuleID : 937-community - Type : SERVER-OTHER - Revision : 21
2014-01-10Microsoft Frontpage _vti_rpc access
RuleID : 937 - Type : SERVER-OTHER - Revision : 21
2014-01-10Microsoft NLST * dos attempt
RuleID : 8481 - Type : PROTOCOL-FTP - Revision : 11
2014-01-10file copied ok
RuleID : 497-community - Type : INDICATOR-COMPROMISE - Revision : 20
2014-01-10file copied ok
RuleID : 497 - Type : INDICATOR-COMPROMISE - Revision : 20
2014-01-10command completed
RuleID : 494-community - Type : INDICATOR-COMPROMISE - Revision : 19
2014-01-10command completed
RuleID : 494 - Type : INDICATOR-COMPROMISE - Revision : 19
2014-01-10httpodbc.dll access - nimda
RuleID : 3201-community - Type : SERVER-IIS - Revision : 14
2014-01-10httpodbc.dll access - nimda
RuleID : 3201 - Type : SERVER-IIS - Revision : 14
2014-01-10.bat executable file parsing attack
RuleID : 3194-community - Type : SERVER-IIS - Revision : 16
2014-01-10.bat executable file parsing attack
RuleID : 3194 - Type : SERVER-IIS - Revision : 16

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
idDescription
2008-02-12Name : A local user can elevate his privileges on the remote host.
File : smb_nt_ms08-005.nasl - Type : ACT_GATHER_INFO
2006-07-11Name : It is possible to use the remote web server to exploit arbitrary code on the ...
File : smb_nt_ms06-034.nasl - Type : ACT_GATHER_INFO
2005-09-08Name : The remote host has an application that is affected by a source code disclosu...
File : translate_f_51.nasl - Type : ACT_GATHER_INFO
2004-10-12Name : It is possible to crash the remote web server.
File : smb_nt_ms04-030.nasl - Type : ACT_GATHER_INFO
2004-03-18Name : This web server leaks a private IP address through its WebDAV interface.
File : propfind_internal_ip.nasl - Type : ACT_GATHER_INFO
Hide | Show 20 More...
idDescription
2003-10-08Name : The remote web server is affected by an information disclosure vulnerability.
File : iis_auth_scheme.nasl - Type : ACT_GATHER_INFO
2003-07-22Name : The remote web server is vulnerable to a denial of service
File : IIS_frontpage_DOS_2.nasl - Type : ACT_DENIAL
2003-06-02Name : Arbitrary code can be executed on the remote web server.
File : smb_nt_ms03-018.nasl - Type : ACT_GATHER_INFO
2003-03-23Name : The remote web server is affected by an information disclosure flaw.
File : iis_unc_mapped_virt_host_vuln.nasl - Type : ACT_GATHER_INFO
2003-03-15Name : The remote web server is vulnerable to a cross-site scripting attack.
File : frontpage_xss.nasl - Type : ACT_GATHER_INFO
2003-03-12Name : The remote host is vulnerable to privilege escalation.
File : smb_nt_ms02-001.nasl - Type : ACT_GATHER_INFO
2002-10-24Name : It is possible to spoof user identities.
File : smb_nt_ms02-050.nasl - Type : ACT_GATHER_INFO
2002-06-13Name : The remote web server is affected by a buffer overflow vulnerability.
File : iis_htr_overflow.nasl - Type : ACT_DESTRUCTIVE_ATTACK
2002-04-23Name : Arbitrary code can be executed on the remote host through the web server.
File : smb_nt_ms02-018.nasl - Type : ACT_GATHER_INFO
2002-04-20Name : The remote service is prone to a denial of service attack.
File : msdtc_dos.nasl - Type : ACT_DENIAL
2002-04-11Name : The remote web server is affected by a denial of service vulnerability.
File : iis_frontpage_dos.nasl - Type : ACT_DENIAL
2002-04-11Name : The remote web server is affected by multiple vulnerabilities.
File : iis_xss_404.nasl - Type : ACT_GATHER_INFO
2002-04-10Name : The remote web server is affected by multiple buffer overflow vulnerabilities.
File : iis_asp_overflow.nasl - Type : ACT_DESTRUCTIVE_ATTACK
2002-04-10Name : The remote web server is affected by a buffer overflow vulnerability.
File : iis_htr_isapi.nasl - Type : ACT_GATHER_INFO
2002-04-10Name : The remote FTP server is prone to a denial of service attack.
File : msftp_dos.nasl - Type : ACT_DENIAL
2002-02-05Name : ASP.NET is affected by a cross-site scripting vulnerability.
File : asp_net_css.nasl - Type : ACT_GATHER_INFO
2001-11-30Name : The remote web server is prone to cross-site scripting attacks.
File : cross_site_scripting.nasl - Type : ACT_ATTACK
2001-09-14Name : This web server leaks a private IP address through its HTTP headers.
File : iis_nat.nasl - Type : ACT_GATHER_INFO
2001-06-19Name : The remote web server is affected by multiple vulnerabilities.
File : iis_isapi_overflow.nasl - Type : ACT_ATTACK
2001-05-29Name : The remote web server is affected by an information disclosure vulnerability.
File : iis_frag_disclosure.nasl - Type : ACT_GATHER_INFO