This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Microsoft
Product: Iis
Version: *
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
First view: 2008-09-29
Last view: 2015-03-31
Type: Application

CPE Product cpe:2.3:a:microsoft:iis

Activity : Overall

Related : CVE

  Date Alert Description
4.3 2015-03-31 CVE-2015-2808

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

5.9 2013-03-15 CVE-2013-2566

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

10 2008-09-29 CVE-2008-4301

** DISPUTED ** A certain ActiveX control in iisext.dll in Microsoft Internet Information Services (IIS) allows remote attackers to set a password via a string argument to the SetPassword method. NOTE: this issue could not be reproduced by a reliable third party. In addition, the original researcher is unreliable. Therefore the original disclosure is probably erroneous.

5 2008-09-29 CVE-2008-4300

A certain ActiveX control in adsiis.dll in Microsoft Internet Information Services (IIS) allows remote attackers to cause a denial of service (browser crash) via a long string in the second argument to the GetObject method. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.

CWE : Common Weakness Enumeration

% id Name
50% (2) CWE-310 Cryptographic Issues
25% (1) CWE-255 Credentials Management
25% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
49899 Microsoft IIS iissext.dll Unspecified ActiveX SetPassword Method Remote Passw...
49730 Microsoft IIS ActiveX (adsiis.dll) GetObject Method Remote DoS

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0158 Multiple Vulnerabilities in Oracle Java SE
Severity: Category I - VMSKEY: V0061089
2013-A-0220 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0042380

Snort® IPS/IDS

Date Description
2017-04-12 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 41907 - Type : POLICY-OTHER - Revision : 3
2017-04-06 SSLv3 Client Hello attempt
RuleID : 41807 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37916 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37915 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37914 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37913 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37912 - Type : POLICY-OTHER - Revision : 3
2016-03-14 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37026 - Type : POLICY-OTHER - Revision : 4
2016-03-14 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37025 - Type : POLICY-OTHER - Revision : 4

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2017-12-04 Name: The remote host is missing a vendor-supplied security patch.
File: check_point_gaia_sk106499.nasl - Type: ACT_GATHER_INFO
2016-07-25 Name: The remote web server is affected by multiple vulnerabilities.
File: oracle_http_server_cpu_jul_2016.nasl - Type: ACT_GATHER_INFO
2016-07-14 Name: A video conferencing application running on the remote host is affected by mu...
File: cisco_telepresence_vcs_multiple_880.nasl - Type: ACT_GATHER_INFO
2016-06-23 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10727.nasl - Type: ACT_GATHER_INFO
2016-06-16 Name: The remote host is affected by a security feature bypass vulnerability.
File: ibm_storwize_cve_2015_2808.nasl - Type: ACT_GATHER_INFO
2016-04-29 Name: The remote host is affected by multiple vulnerabilities.
File: hp_data_protector_hpsbgn03580.nasl - Type: ACT_GATHER_INFO
2016-02-29 Name: The remote AIX host is missing a vendor-supplied security patch.
File: aix_U867669.nasl - Type: ACT_GATHER_INFO
2016-01-14 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-0113-1.nasl - Type: ACT_GATHER_INFO
2016-01-06 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_105fp7_nix.nasl - Type: ACT_GATHER_INFO
2016-01-06 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_105fp7_win.nasl - Type: ACT_GATHER_INFO
2016-01-04 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201512-10.nasl - Type: ACT_GATHER_INFO
2015-12-21 Name: The remote web server is affected by a security feature bypass vulnerability.
File: ibm_http_server_bar_mitzvah.nasl - Type: ACT_GATHER_INFO
2015-12-07 Name: The remote web server hosts a web application that is potentially affected by...
File: jira_6_4_10.nasl - Type: ACT_GATHER_INFO
2015-12-04 Name: The remote AIX host is missing a vendor-supplied security patch.
File: aix_U863668.nasl - Type: ACT_GATHER_INFO
2015-12-03 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-2166-1.nasl - Type: ACT_GATHER_INFO
2015-10-23 Name: The remote web server is affected by multiple vulnerabilities.
File: oracle_http_server_cpu_oct_2015.nasl - Type: ACT_GATHER_INFO
2015-09-18 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL16864.nasl - Type: ACT_GATHER_INFO
2015-09-18 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_105fp6.nasl - Type: ACT_GATHER_INFO
2015-09-09 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-1509-1.nasl - Type: ACT_GATHER_INFO
2015-08-31 Name: The remote Debian host is missing a security update.
File: debian_DLA-303.nasl - Type: ACT_GATHER_INFO
2015-08-26 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2015-586.nasl - Type: ACT_GATHER_INFO
2015-08-24 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3339.nasl - Type: ACT_GATHER_INFO
2015-08-13 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-1375-1.nasl - Type: ACT_GATHER_INFO
2015-08-07 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2706-1.nasl - Type: ACT_GATHER_INFO
2015-08-04 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-1331-1.nasl - Type: ACT_GATHER_INFO