This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 1999-05-12
Product Internet Information Server Last view 2013-05-22
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:* 14
cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:zh:*:*:*:* 11
cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:ko:*:*:*:* 11
cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:ja:*:*:*:* 11
cpe:2.3:a:microsoft:internet_information_server:3.0:*:*:zh:*:*:*:* 11
cpe:2.3:a:microsoft:internet_information_server:3.0:*:*:ko:*:*:*:* 11
cpe:2.3:a:microsoft:internet_information_server:3.0:*:*:ja:*:*:*:* 11
cpe:2.3:a:microsoft:internet_information_server:4.0:*:symantec:*:*:*:*:* 11
cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:far_east:*:*:* 11
cpe:2.3:a:microsoft:internet_information_server:4.0:sp4:*:*:*:*:*:* 11
cpe:2.3:a:microsoft:internet_information_server:4.0:alpha:*:*:*:*:*:* 11
cpe:2.3:a:microsoft:internet_information_server:4.0:unknown:unknown:chinese:*:*:*:* 10
cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:far_east:*:*:*:* 10
cpe:2.3:a:microsoft:internet_information_server:3.0:unknown:unknown:korean:*:*:*:* 10
cpe:2.3:a:microsoft:internet_information_server:3.0:unknown:unknown:chinese:*:*:*:* 10
cpe:2.3:a:microsoft:internet_information_server:4.0:unknown:unknown:japanese:*:*:*:* 10
cpe:2.3:a:microsoft:internet_information_server:3.0:unknown:unknown:japanese:*:*:*:* 10
cpe:2.3:a:microsoft:internet_information_server:4.0:unknown:unknown:korean:*:*:*:* 10
cpe:2.3:a:microsoft:internet_information_server:5.0:*:*:*:far_east:*:*:* 9
cpe:2.3:a:microsoft:internet_information_server:5.0:*:*:far_east:*:*:*:* 8
cpe:2.3:a:microsoft:internet_information_server:6.0:beta:*:*:*:*:*:* 4

Related : CVE

  Date Alert Description
4.3 2013-05-22 CVE-2013-0942

Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

9 2009-08-31 CVE-2009-3023

Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability."

10 2008-02-12 CVE-2008-0075

Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.

7.2 2008-02-12 CVE-2008-0074

Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.

7.8 2007-01-05 CVE-2007-0087

** DISPUTED ** Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.

4.4 2006-12-15 CVE-2006-6579

Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine.

5 2002-12-31 CVE-2002-1694

Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running.

5 2002-08-12 CVE-2002-0419

Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request. NOTE: this entry originally contained a vector (1) in which the server reveals whether it supports Basic or NTLM authentication through 401 Access Denied error messages. CVE has REJECTED this vector; it is not a vulnerability because the information is already available through legitimate use, since authentication cannot proceed without specifying a scheme that is supported by both the client and the server.

5 2001-09-20 CVE-2001-0709

Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode.

10 2001-07-21 CVE-2001-0500

Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.

5 2001-06-27 CVE-2001-0337

The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier introduce a memory leak which allows attackers to cause a denial of service via a series of requests.

5 2001-06-27 CVE-2001-0336

The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request.

5 2001-06-27 CVE-2001-0335

FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters.

5 2001-06-27 CVE-2001-0334

FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded.

7.5 2001-06-27 CVE-2001-0333

Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.

5 2001-02-12 CVE-2000-1090

Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character.

5 2000-01-21 CVE-2000-0115

IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page.

7.5 1999-12-31 CVE-1999-1591

Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0.

5 1999-12-31 CVE-1999-1148

FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time.

7.1 1999-08-19 CVE-1999-0725

When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page".

5 1999-05-12 CVE-1999-0229

Denial of service in Windows NT IIS server using ..\..

CWE : Common Weakness Enumeration

%idName
16% (1) CWE-264 Permissions, Privileges, and Access Controls
16% (1) CWE-200 Information Exposure
16% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
16% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
16% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
16% (1) CWE-16 Configuration

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-6 Argument Injection
CAPEC-15 Command Delimiters
CAPEC-19 Embedding Scripts within Scripts
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic
CAPEC-79 Using Slashes in Alternate Encoding
CAPEC-81 Web Logs Tampering
CAPEC-100 Overflow Buffers
CAPEC-123 Buffer Attacks

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:78 Windows 2000 IIS Directory Traversal Command Execution (Test 1)
oval:org.mitre.oval:def:37 Windows NT IIS Directory Traversal Command Execution (Test 1)
oval:org.mitre.oval:def:1051 Windows 2000 IIS Directory Traversal Command Execution (Test 2)
oval:org.mitre.oval:def:1018 Windows NT IIS Directory Traversal Command Execution (Test 2)
oval:org.mitre.oval:def:197 IIS ISAPI Extension Indexing Service Buffer Overflow (Code Red)
oval:org.mitre.oval:def:5389 Internet Information Services Local Privilege Elevation Vulnerability
oval:org.mitre.oval:def:5308 Internet Information Services Remote Code Execution Vulnerability
oval:org.mitre.oval:def:6080 IIS FTP Service RCE and DoS Vulnerability

SAINT Exploits

Description Link
IIS Double Decoding Directory Traversal More info here
Microsoft IIS FTP Server NLST Command Remote Overflow More info here

Open Source Vulnerability Database (OSVDB)

id Description
59360 Microsoft IIS ASP Page Visual Basic Script Malformed Regex Parsing DoS
57589 Microsoft IIS FTP Server NLST Command Remote Overflow
55269 Microsoft IIS Traversal GET Request Remote DoS
45583 Microsoft IIS w/ Visual Interdev Unspecified Authentication Bypass
41456 Microsoft IIS File Change Handling Local Privilege Escalation
41445 Microsoft IIS ASP Web Page Input Unspecified Arbitrary Code Execution
35962 Microsoft Windows XP Registry QHEADLES Permission Weakness
33457 Microsoft IIS Crafted TCP Connection Range Header DoS
21537 Microsoft IIS Log File Permission Weakness Remote Modification
13479 Microsoft IIS for Far East Parsed Page Source Disclosure
13478 Microsoft MS01-014 / MS01-016 Patch Memory Leak DoS
13473 Microsoft IIS on FAT Partition Local ASP Source Disclosure
13426 Microsoft IIS NTLM Authentication Request Information Disclosure
11452 Microsoft IIS Double Byte Code Arbitrary Source Disclosure
11157 Microsoft IIS FTP Service PASV Connection Saturation DoS
5693 Microsoft MS00-060 Patch IIS Malformed Request DoS
1826 Microsoft IIS Domain Guest Account Disclosure
1824 Microsoft IIS FTP DoS
568 Microsoft IIS idq.dll IDA/IDQ ISAPI Remote Overflow
556 Microsoft IIS/PWS Encoded Filename Arbitrary Command Execution

OpenVAS Exploits

id Description
2012-05-22 Name : Microsoft IIS GET Request Denial of Service Vulnerability
File : nvt/secpod_ms_iis_get_request_dos_vuln.nasl
2011-01-13 Name : Microsoft Internet Information Services Privilege Elevation Vulnerability (94...
File : nvt/gb_ms08-005.nasl
2009-10-15 Name : Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)
File : nvt/secpod_ms09-053.nasl
2009-09-02 Name : Microsoft IIS FTPd NLST stack overflow
File : nvt/microsoft-iis-nlst-stack-overflow.nasl
2005-11-03 Name : CodeRed version X detection
File : nvt/codered_x.nasl
2005-11-03 Name : IIS Remote Command Execution
File : nvt/iis_decode_bug.nasl
2005-11-03 Name : IIS .IDA ISAPI filter applied
File : nvt/iis_ida_isapi.nasl
2005-11-03 Name : IIS 5.0 WebDav Memory Leakage
File : nvt/iis_webdav_lock_memory_leak.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2009-B-0052 Microsoft FTP Service for Internet Information Services (IIS) Remote Code Exe...
Severity: Category I - VMSKEY: V0021742

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Windows IIS directory traversal attempt
RuleID : 974-community - Type : SERVER-IIS - Revision : 23
2014-01-10 Microsoft Windows IIS directory traversal attempt
RuleID : 974 - Type : SERVER-IIS - Revision : 23
2014-01-10 multiple decode attempt
RuleID : 970 - Type : WEB-IIS - Revision : 14
2014-01-10 Microsoft NLST * dos attempt
RuleID : 8481 - Type : PROTOCOL-FTP - Revision : 11
2014-01-10 httpodbc.dll access - nimda
RuleID : 3201 - Type : SERVER-IIS - Revision : 14
2014-01-10 NLST overflow attempt
RuleID : 2374-community - Type : PROTOCOL-FTP - Revision : 19
2014-01-10 NLST overflow attempt
RuleID : 2374 - Type : PROTOCOL-FTP - Revision : 19
2018-10-17 Multiple Products FTP MKD buffer overflow attempt
RuleID : 23055-community - Type : PROTOCOL-FTP - Revision : 10
2014-01-10 Multiple Products FTP MKD buffer overflow attempt
RuleID : 23055 - Type : PROTOCOL-FTP - Revision : 10
2014-01-10 MKD overflow attempt
RuleID : 1973-community - Type : PROTOCOL-FTP - Revision : 31
2014-01-10 MKD overflow attempt
RuleID : 1973 - Type : PROTOCOL-FTP - Revision : 31
2014-02-08 (http_inspect)webrootdirectorytraversal
RuleID : 18 - Type : - Revision : 2
2014-01-10 Microsoft IIS ASP handling buffer overflow attempt
RuleID : 15974 - Type : SERVER-IIS - Revision : 7
2014-01-10 Microsoft IIS HTMLEncode Unicode string buffer overflow
RuleID : 13922 - Type : SERVER-IIS - Revision : 11
2014-01-10 Microsoft IIS HTMLEncode Unicode string buffer overflow
RuleID : 13476 - Type : SERVER-IIS - Revision : 10
2014-01-10 ISAPI .idq attempt
RuleID : 1244-community - Type : SERVER-IIS - Revision : 29
2014-01-10 ISAPI .idq attempt
RuleID : 1244 - Type : SERVER-IIS - Revision : 29
2014-01-10 ISAPI .ida attempt
RuleID : 1243-community - Type : SERVER-IIS - Revision : 26
2014-01-10 ISAPI .ida attempt
RuleID : 1243 - Type : SERVER-IIS - Revision : 26
2019-01-15 (http_inspect)directorytraversal
RuleID : 11 - Type : - Revision : 2

Nessus® Vulnerability Scanner

id Description
2009-10-13 Name: The remote anonymous FTP server seems vulnerable to an arbitrary code executi...
File: iis5_ftp_overflow.nasl - Type: ACT_DENIAL
2009-10-13 Name: The remote FTP server is affected by multiple vulnerabilities.
File: smb_nt_ms09-053.nasl - Type: ACT_GATHER_INFO
2008-02-12 Name: A local user can elevate his privileges on the remote host.
File: smb_nt_ms08-005.nasl - Type: ACT_GATHER_INFO
2008-02-12 Name: It is possible to use the remote web server to exploit arbitrary code on the ...
File: smb_nt_ms08-006.nasl - Type: ACT_GATHER_INFO
2003-10-08 Name: The remote web server is affected by an information disclosure vulnerability.
File: iis_auth_scheme.nasl - Type: ACT_GATHER_INFO
2001-06-19 Name: The remote web server is affected by multiple vulnerabilities.
File: iis_isapi_overflow.nasl - Type: ACT_ATTACK
2001-05-15 Name: Arbitrary commands can be executed on the remote web server.
File: iis_decode_bug.nasl - Type: ACT_GATHER_INFO
1999-06-22 Name: The remote web server is vulnerable to a Denial of Service attack
File: iis_crash.nasl - Type: ACT_DENIAL