This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Summuary
CPE Namecpe:/a:microsoft:internet_information_server:5.0
Detail
VendorMicrosoftFirst view 1999-01-26
ProductInternet Information ServerLast view2008-02-12
Version5.0TypeApplication
Edition 
Language 
Update 
 
CPE Productcpe:/a:microsoft:internet_information_server

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
 DateAlertAccess VectorAccess ComplexityAuthentication
7.22008-02-12CVE-2008-0074LocalLowNone Requ...
4.42006-12-15CVE-2006-6579LocalMediumNone Requ...
6.52006-07-11CVE-2006-0026NetworkLowRequires ...
52005-08-23CVE-2005-2678NetworkLowNone Requ...
4.32005-07-05CVE-2005-2089NetworkMediumNone Requ...
Hide | Show 20 More...
 DateAlertAccess VectorAccess ComplexityAuthentication
52004-11-03CVE-2003-0718NetworkLowNone Requ...
52003-06-09CVE-2003-0226NetworkLowNone Requ...
52003-06-09CVE-2003-0225NetworkLowNone Requ...
102003-06-09CVE-2003-0224NetworkLowNone Requ...
6.82003-06-09CVE-2003-0223NetworkMediumNone Requ...
52002-12-31CVE-2002-1908NetworkLowNone Requ...
52002-12-31CVE-2002-1790NetworkLowNone Requ...
52002-12-31CVE-2002-1745NetworkLowNone Requ...
52002-12-31CVE-2002-1744NetworkLowNone Requ...
4.32002-12-31CVE-2002-1700NetworkMediumNone Requ...
52002-12-31CVE-2002-1695NetworkLowNone Requ...
52002-12-31CVE-2002-1694NetworkLowNone Requ...
52002-11-12CVE-2002-1182NetworkLowNone Requ...
6.82002-11-12CVE-2002-1181NetworkMediumNone Requ...
7.52002-11-12CVE-2002-1180NetworkLowNone Requ...
7.52002-11-12CVE-2002-0869NetworkLowNone Requ...
7.52002-10-04CVE-2002-0862NetworkLowNone Requ...
2.62002-08-12CVE-2002-0422NetworkHighNone Requ...
52002-08-12CVE-2002-0419NetworkLowNone Requ...

CWE : Common Weakness Enumeration

%idName
60% (3)CWE-200Information Exposure
20% (1)CWE-264Permissions, Privileges, and Access Controls
20% (1)CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting')

CAPEC : Common Attack Pattern Enumeration & Classification

idName
CAPEC-19Embedding Scripts within Scripts
CAPEC-33HTTP Request Smuggling
CAPEC-38Leveraging/Manipulating Configuration File Search Paths
CAPEC-47Buffer Overflow via Parameter Expansion
CAPEC-71Using Unicode Encoding to Bypass Validation Logic
Hide | Show 5 More...
idName
CAPEC-81Web Logs Tampering
CAPEC-100Overflow Buffers
CAPEC-105HTTP Request Splitting
CAPEC-123Buffer Attacks
CAPEC-198Cross-Site Scripting in Error Pages

Oval Markup Language : Definitions

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
OvalIDName
oval:org.mitre.oval:def:483IIS Server Side Include Web Pages Buffer Overrun
oval:org.mitre.oval:def:44IIS Web Server Folder Traversal
oval:org.mitre.oval:def:373IIS AddHeader Large Header Denial of Service
oval:org.mitre.oval:def:29Windows 2000 IIS Heap Overrun in HTR Chunked Encoding
oval:org.mitre.oval:def:182Windows NT IIS Heap Overrun in HTR Chunked Encoding
Hide | Show 20 More...
idName
oval:org.mitre.oval:def:197IIS ISAPI Extension Indexing Service Buffer Overflow (Code Red)
oval:org.mitre.oval:def:927IIS5.0 Specialized Header Vulnerability
oval:org.mitre.oval:def:931IIS5.0 Script Source Access Vulnerability
oval:org.mitre.oval:def:46DEPRECATED: IIS Help File Search Cross-site Scripting
oval:org.mitre.oval:def:12356Cross-site Scripting in IIS Help File search facility
oval:org.mitre.oval:def:92DEPRECATED: Windows 2000 IIS HTTP Error Page Cross-site Scripting
oval:org.mitre.oval:def:81DEPRECATED: Windows NT IIS HTTP Error Page Cross-site Scripting
oval:org.mitre.oval:def:12008Cross-site Scripting in HTTP Error Page
oval:org.mitre.oval:def:78Windows 2000 IIS Directory Traversal Command Execution (Test 1)
oval:org.mitre.oval:def:37Windows NT IIS Directory Traversal Command Execution (Test 1)
oval:org.mitre.oval:def:1051Windows 2000 IIS Directory Traversal Command Execution (Test 2)
oval:org.mitre.oval:def:1018Windows NT IIS Directory Traversal Command Execution (Test 2)
oval:org.mitre.oval:def:191IIS Web Server File Request Parsing
oval:org.mitre.oval:def:95DEPRECATED: Windows 2000 IIS ASP Server-Side Include Function Buffer Overflow
oval:org.mitre.oval:def:132DEPRECATED: Windows NT IIS ASP Server-Side Include Function Buffer Overflow
oval:org.mitre.oval:def:12407Buffer Overrun in ASP Server-Side Include Function
oval:org.mitre.oval:def:72DEPRECATED: Windows NT Variant of Chunked Encoding Buffer Overrun
oval:org.mitre.oval:def:22DEPRECATED: Windows 2000 Variant of Chunked Encoding Buffer Overrun
oval:org.mitre.oval:def:12307Microsoft-discovered variant of Chunked Encoding buffer overrun
oval:org.mitre.oval:def:45DEPRECATED: Windows NT HTR ISAPI Buffer Overflow

SAINT Exploits

DescriptionLink
IIS Unicode Directory TraversalMore info here
Microsoft IIS .HTR ISAPI chunked encoding buffer overflowMore info here
IIS Double Decoding Directory TraversalMore info here
Microsoft IIS ASP chunked encoding buffer overflowMore info here

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
idDescription
59892Microsoft IIS Malformed Host Header Remote DoS
59621Microsoft IIS CodeBrws.asp Off-By-One File Check Bypass Source Disclosure
59561Microsoft IIS CodeBrws.asp Encoded Traversal Arbitrary File Source Disclosure
43451Microsoft IIS HTTP Request Smuggling
41456Microsoft IIS File Change Handling Local Privilege Escalation
Hide | Show 20 More...
idDescription
35962Microsoft Windows XP Registry QHEADLES Permission Weakness
28260Microsoft IIS FrontPage Server Extensions (FPSE) shtml.exe Path Disclosure
27152Microsoft Windows IIS ASP Page Processing Overflow
27087Microsoft IIS SMTP Encapsulated SMTP Address Open Relay
21557ColdFusion MX Error Message XSS
21537Microsoft IIS Log File Permission Weakness Remote Modification
18926Microsoft IIS SERVER_NAME Variable Spoofing Filter Bypass
17124Microsoft IIS Malformed WebDAV Request DoS
17123Microsoft IIS Multiple Unspecified Admin Pages XSS
17122Microsoft IIS Permission Weakness .COM File Upload
14229Microsoft IIS asp.dll Scripting.FileSystemObject Malformed Program DoS
13985Microsoft IIS Malformed HTTP Request Log Entry Spoofing
13761Microsoft Exchange 2000 Malformed URL Request DoS
13760Microsoft IIS Malformed URL Request DoS
13478Microsoft MS01-014 / MS01-016 Patch Memory Leak DoS
13439Microsoft IIS HTTP Request Malformed Content-Length DoS
13434Microsoft Windows Distributed Transaction Coordinator (DTC) Malformed Input DoS
13433Microsoft IIS WebDAV MKCOL Method Location Server Header Internal IP Disclosure
13432Microsoft IIS WebDAV WRITE Location Server Header Internal IP Disclosure
13431Microsoft IIS WebDAV Malformed PROPFIND Request Internal IP Disclosure

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
idDescription
2012-07-04Name : Microsoft IIS FTP Connection Status Request Denial of Service Vulnerability
File : nvt/gb_ms02-018_remote.nasl
2012-07-03Name : Microsoft IIS Malformed File Extension Denial of Service Vulnerability
File : nvt/gb_ms00-30_remote.nasl
2011-01-13Name : Microsoft Internet Information Services Privilege Elevation Vulnerability (94...
File : nvt/gb_ms08-005.nasl
2009-03-16Name : Microsoft MS00-078 security check
File : nvt/remote-MS00-078.nasl
2009-03-16Name : Microsoft MS03-018 security check
File : nvt/remote-MS03-018.nasl
Hide | Show 21 More...
idDescription
2009-03-15Name : Microsoft MS00-058 security check
File : nvt/remote-MS00-058.nasl
2009-03-08Name : Microsoft MS00-060 security check
File : nvt/remote-MS00-060.nasl
2005-11-03Name : Microsoft IIS UNC Mapped Virtual Host Vulnerability
File : nvt/iis_unc_mapped_virt_host_vuln.nasl
2005-11-03Name : IIS 5.0 WebDav Memory Leakage
File : nvt/iis_webdav_lock_memory_leak.nasl
2005-11-03Name : IIS XSS via 404 error
File : nvt/iis_xss_404.nasl
2005-11-03Name : ASP/ASA source using Microsoft Translate f: bug
File : nvt/translate_f.nasl
2005-11-03Name : Cumulative Patch for Internet Information Services (Q327696)
File : nvt/smb_nt_ms02-018.nasl
2005-11-03Name : CodeRed version X detection
File : nvt/codered_x.nasl
2005-11-03Name : Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)
File : nvt/smb_nt_ms02-050.nasl
2005-11-03Name : Flaw in Microsoft VM Could Allow Code Execution (810030)
File : nvt/smb_nt_ms02-052.nasl
2005-11-03Name : MSDTC denial of service by flooding with nul bytes
File : nvt/msdtc_dos.nasl
2005-11-03Name : IIS FrontPage DoS
File : nvt/IIS_frontpage_DOS_2.nasl
2005-11-03Name : Tests for Nimda Worm infected HTML files
File : nvt/nimda.nasl
2005-11-03Name : IIS IDA/IDQ Path Disclosure
File : nvt/iis_anything_idq.nasl
2005-11-03Name : IIS Remote Command Execution
File : nvt/iis_decode_bug.nasl
2005-11-03Name : IIS directory traversal
File : nvt/iis_dir_traversal.nasl
2005-11-03Name : Private IP address Leaked using the PROPFIND method
File : nvt/propfind_internal_ip.nasl
2005-11-03Name : Test Microsoft IIS Source Fragment Disclosure
File : nvt/iis_frag_disclosure.nasl
2005-11-03Name : IIS .IDA ISAPI filter applied
File : nvt/iis_ida_isapi.nasl
2005-11-03Name : Private IP address leaked in HTTP headers
File : nvt/iis_nat.nasl

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
DateDescription
2014-01-10ism.dll access
RuleID : 995-community - Type : SERVER-IIS - Revision : 26
2014-01-10ism.dll access
RuleID : 995 - Type : SERVER-IIS - Revision : 26
2014-01-10.htr access file download request
RuleID : 987-community - Type : FILE-IDENTIFY - Revision : 31
2014-01-10.htr access file download request
RuleID : 987 - Type : FILE-IDENTIFY - Revision : 31
2014-01-10unicode directory traversal attempt
RuleID : 983 - Type : WEB-IIS - Revision : 13
Hide | Show 20 More...
DateDescription
2014-01-10unicode directory traversal attempt
RuleID : 982 - Type : WEB-IIS - Revision : 13
2014-01-10unicode directory traversal attempt
RuleID : 981 - Type : WEB-IIS - Revision : 13
2014-01-10multiple decode attempt
RuleID : 970 - Type : WEB-IIS - Revision : 14
2014-01-10Microsoft Frontpage shtml.exe access
RuleID : 962-community - Type : SERVER-OTHER - Revision : 24
2014-01-10Microsoft Frontpage shtml.exe access
RuleID : 962 - Type : SERVER-OTHER - Revision : 24
2014-01-10Microsoft Frontpage shtml.dll access
RuleID : 940-community - Type : SERVER-OTHER - Revision : 28
2014-01-10Microsoft Frontpage shtml.dll access
RuleID : 940 - Type : SERVER-OTHER - Revision : 28
2014-01-10Microsoft Frontpage posting
RuleID : 939-community - Type : SERVER-OTHER - Revision : 22
2014-01-10Microsoft Frontpage posting
RuleID : 939 - Type : SERVER-OTHER - Revision : 22
2014-01-10Microsoft Frontpage _vti_rpc access
RuleID : 937-community - Type : SERVER-OTHER - Revision : 21
2014-01-10Microsoft Frontpage _vti_rpc access
RuleID : 937 - Type : SERVER-OTHER - Revision : 21
2014-01-10Microsoft NLST * dos attempt
RuleID : 8481 - Type : PROTOCOL-FTP - Revision : 11
2014-01-10file copied ok
RuleID : 497-community - Type : INDICATOR-COMPROMISE - Revision : 20
2014-01-10file copied ok
RuleID : 497 - Type : INDICATOR-COMPROMISE - Revision : 20
2014-01-10command completed
RuleID : 494-community - Type : INDICATOR-COMPROMISE - Revision : 19
2014-01-10command completed
RuleID : 494 - Type : INDICATOR-COMPROMISE - Revision : 19
2014-01-10httpodbc.dll access - nimda
RuleID : 3201-community - Type : SERVER-IIS - Revision : 14
2014-01-10httpodbc.dll access - nimda
RuleID : 3201 - Type : SERVER-IIS - Revision : 14
2014-01-10.bat executable file parsing attack
RuleID : 3194-community - Type : SERVER-IIS - Revision : 16
2014-01-10.bat executable file parsing attack
RuleID : 3194 - Type : SERVER-IIS - Revision : 16

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
idDescription
2008-02-12Name : A local user can elevate his privileges on the remote host.
File : smb_nt_ms08-005.nasl - Type : ACT_GATHER_INFO
2006-07-11Name : It is possible to use the remote web server to exploit arbitrary code on the ...
File : smb_nt_ms06-034.nasl - Type : ACT_GATHER_INFO
2005-09-08Name : The remote host has an application that is affected by a source code disclosu...
File : translate_f_51.nasl - Type : ACT_GATHER_INFO
2004-10-12Name : It is possible to crash the remote web server.
File : smb_nt_ms04-030.nasl - Type : ACT_GATHER_INFO
2004-03-18Name : This web server leaks a private IP address through its WebDAV interface.
File : propfind_internal_ip.nasl - Type : ACT_GATHER_INFO
Hide | Show 20 More...
idDescription
2003-10-08Name : The remote web server is affected by an information disclosure vulnerability.
File : iis_auth_scheme.nasl - Type : ACT_GATHER_INFO
2003-07-22Name : The remote web server is vulnerable to a denial of service
File : IIS_frontpage_DOS_2.nasl - Type : ACT_DENIAL
2003-06-02Name : Arbitrary code can be executed on the remote web server.
File : smb_nt_ms03-018.nasl - Type : ACT_GATHER_INFO
2003-03-23Name : The remote web server is affected by an information disclosure flaw.
File : iis_unc_mapped_virt_host_vuln.nasl - Type : ACT_GATHER_INFO
2003-03-15Name : The remote web server is vulnerable to a cross-site scripting attack.
File : frontpage_xss.nasl - Type : ACT_GATHER_INFO
2003-03-12Name : The remote host is vulnerable to privilege escalation.
File : smb_nt_ms02-001.nasl - Type : ACT_GATHER_INFO
2002-10-24Name : It is possible to spoof user identities.
File : smb_nt_ms02-050.nasl - Type : ACT_GATHER_INFO
2002-06-13Name : The remote web server is affected by a buffer overflow vulnerability.
File : iis_htr_overflow.nasl - Type : ACT_DESTRUCTIVE_ATTACK
2002-04-23Name : Arbitrary code can be executed on the remote host through the web server.
File : smb_nt_ms02-018.nasl - Type : ACT_GATHER_INFO
2002-04-20Name : The remote service is prone to a denial of service attack.
File : msdtc_dos.nasl - Type : ACT_DENIAL
2002-04-11Name : The remote web server is affected by a denial of service vulnerability.
File : iis_frontpage_dos.nasl - Type : ACT_DENIAL
2002-04-11Name : The remote web server is affected by multiple vulnerabilities.
File : iis_xss_404.nasl - Type : ACT_GATHER_INFO
2002-04-10Name : The remote web server is affected by multiple buffer overflow vulnerabilities.
File : iis_asp_overflow.nasl - Type : ACT_DESTRUCTIVE_ATTACK
2002-04-10Name : The remote web server is affected by a buffer overflow vulnerability.
File : iis_htr_isapi.nasl - Type : ACT_GATHER_INFO
2002-04-10Name : The remote FTP server is prone to a denial of service attack.
File : msftp_dos.nasl - Type : ACT_DENIAL
2002-02-05Name : The remote host is affected by a cross-site scripting vulnerability.
File : asp_net_css.nasl - Type : ACT_ATTACK
2001-11-30Name : The remote web server is affected by a cross-site scripting vulnerability.
File : cross_site_scripting.nasl - Type : ACT_ATTACK
2001-09-14Name : This web server leaks a private IP address through its HTTP headers.
File : iis_nat.nasl - Type : ACT_GATHER_INFO
2001-06-19Name : The remote web server is affected by multiple vulnerabilities.
File : iis_isapi_overflow.nasl - Type : ACT_ATTACK
2001-05-29Name : The remote web server is affected by an information disclosure vulnerability.
File : iis_frag_disclosure.nasl - Type : ACT_GATHER_INFO