This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Microsoft
Product: Internet Information Services
Version: 4.0
Type: Application
First view: 1998-02-06
Last view: 2014-04-23
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:microsoft:internet_information_services

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5 2014-04-23 CVE-2011-5279

CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header.

6 2009-12-29 CVE-2009-4445

Microsoft Internet Information Services (IIS), when used in conjunction with unspecified third-party upload applications, allows remote attackers to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : (colon) and a safe extension, as demonstrated by an upload of a .asp:.jpg file that results in creation of an empty .asp file, related to support for the NTFS Alternate Data Streams (ADS) filename syntax. NOTE: it could be argued that this is a vulnerability in the third-party product, not IIS, because the third-party product should be applying its extension restrictions to the portion of the filename before the colon.

5 2009-09-04 CVE-2009-2521

Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka "IIS FTP Service DoS Vulnerability."

9 2009-08-31 CVE-2009-3023

Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability."

9 2008-10-14 CVE-2008-1446

Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."

4.4 2006-12-15 CVE-2006-6579

Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine.

7.2 2004-08-06 CVE-2004-0205

Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function.

5 2003-06-09 CVE-2003-0225

The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allows remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page.

6.8 2003-06-09 CVE-2003-0223

Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message.

5 2002-12-31 CVE-2002-1790

The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682.

5 2002-12-31 CVE-2002-1695

Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running.

5 2002-12-31 CVE-2002-1694

Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running.

6.8 2002-11-12 CVE-2002-1181

Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors.

7.5 2002-11-12 CVE-2002-0869

Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation."

5 2002-08-12 CVE-2002-0419

Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request. NOTE: this entry originally contained a vector (1) in which the server reveals whether it supports Basic or NTLM authentication through 401 Access Denied error messages. CVE has REJECTED this vector; it is not a vulnerability because the information is already available through legitimate use, since authentication cannot proceed without specifying a scheme that is supported by both the client and the server.

7.5 2002-07-03 CVE-2002-0364

Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."

7.5 2002-04-22 CVE-2002-0150

Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.

7.5 2002-04-22 CVE-2002-0149

Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.

7.5 2002-04-22 CVE-2002-0148

Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.

7.5 2002-04-22 CVE-2002-0147

Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun."

7.5 2002-04-22 CVE-2002-0079

Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.

7.5 2002-04-22 CVE-2002-0075

Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect ("302 Object Moved") message.

7.5 2002-04-22 CVE-2002-0074

Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session.

5 2002-04-22 CVE-2002-0073

The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters.

5 2002-04-22 CVE-2002-0072

The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer.

CWE : Common Weakness Enumeration

% id Name
20% (3) CWE-200 Information Exposure
20% (3) CWE-20 Improper Input Validation
13% (2) CWE-264 Permissions, Privileges, and Access Controls
13% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
6% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
6% (1) CWE-362 Race Condition
6% (1) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
6% (1) CWE-190 Integer Overflow or Wraparound
6% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-11 Cause Web Server Misclassification
CAPEC-19 Embedding Scripts within Scripts
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic
CAPEC-81 Web Logs Tampering
CAPEC-100 Overflow Buffers
CAPEC-123 Buffer Attacks
CAPEC-168 Windows ::DATA Alternate Data Stream

SAINT Exploits

Description
IIS Unicode Directory Traversal
Microsoft IIS .HTR ISAPI chunked encoding buffer overflow
IIS Double Decoding Directory Traversal
Microsoft IIS FTP Server NLST Command Remote Overflow
Microsoft IIS ASP chunked encoding buffer overflow

Open Source Vulnerability Database (OSVDB)

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
61432 Microsoft IIS Colon Safe Extension NTFS ADS Filename Syntax Arbitrary Remote ...
59829 Netscape Enterprise/FastTrack DOS Filename Request Access Bypass
59827 Xitami Web Server DOS Filename Request Access Bypass
59826 vqSoft vqServer for Windows DOS Filename Request Access Bypass
57753 Microsoft IIS FTP Server Crafted Recursive Listing Remote DoS
57589 Microsoft IIS FTP Server NLST Command Remote Overflow
49059 Microsoft IIS IPP Service Unspecified Remote Overflow
35962 Microsoft Windows XP Registry QHEADLES Permission Weakness
28260 Microsoft IIS FrontPage Server Extensions (FPSE) shtml.exe Path Disclosure
27087 Microsoft IIS SMTP Encapsulated SMTP Address Open Relay
21537 Microsoft IIS Log File Permission Weakness Remote Modification
17123 Microsoft IIS Multiple Unspecified Admin Pages XSS
15749 Microsoft IIS / Site Server code.asp Arbitrary File Access
14229 Microsoft IIS asp.dll Scripting.FileSystemObject Malformed Program DoS
13759 Microsoft IIS ISAPI .ASP Parser Script Tag LANGUAGE Argument Overflow
13634 Microsoft IIS Inetinfo.exe Malformed Long Mail File Name DoS
13558 Microsoft IIS SSL Request Resource Exhaustion DoS
13507 Microsoft IIS showfile.asp FileSystemObject Arbitrary File Access
13478 Microsoft MS01-014 / MS01-016 Patch Memory Leak DoS
13473 Microsoft IIS on FAT Partition Local ASP Source Disclosure
13426 Microsoft IIS NTLM Authentication Request Information Disclosure
11455 Microsoft IIS / PWS DOS Filename Request Access Bypass
11277 Microsoft IIS SSL ISAPI Filter Cleartext Information Disclosure
11257 Microsoft IIS Malformed GET Request DoS
11157 Microsoft IIS FTP Service PASV Connection Saturation DoS

OpenVAS Exploits

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-07-04 Name : Microsoft IIS FTP Connection Status Request Denial of Service Vulnerability
File : nvt/gb_ms02-018_remote.nasl
2012-07-04 Name : Microsoft IIS FTP Server 'Malformed FTP List Request' DOS Vulnerability
File : nvt/gb_ms99-33_remote.nasl
2012-07-03 Name : Microsoft IIS Malformed File Extension Denial of Service Vulnerability
File : nvt/gb_ms00-30_remote.nasl
2009-10-15 Name : Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)
File : nvt/secpod_ms09-053.nasl
2009-09-18 Name : Microsoft IIS FTP Server 'ls' Command DOS Vulnerability
File : nvt/secpod_ms_iis_ftpd_ls_dos_vuln.nasl
2009-09-02 Name : Microsoft IIS FTPd NLST stack overflow
File : nvt/microsoft-iis-nlst-stack-overflow.nasl
2009-03-16 Name : Microsoft MS03-018 security check
File : nvt/remote-MS03-018.nasl
2009-03-16 Name : Microsoft MS00-078 security check
File : nvt/remote-MS00-078.nasl
2009-03-08 Name : Microsoft MS00-060 security check
File : nvt/remote-MS00-060.nasl
2008-10-15 Name : Windows Internet Printing Service Allow Remote Code Execution Vulnerability (...
File : nvt/secpod_ms08-062_900052.nasl
2005-11-03 Name : Microsoft IIS UNC Mapped Virtual Host Vulnerability
File : nvt/iis_unc_mapped_virt_host_vuln.nasl
2005-11-03 Name : Cumulative Patch for Internet Information Services (Q327696)
File : nvt/smb_nt_ms02-018.nasl
2005-11-03 Name : Tests for Nimda Worm infected HTML files
File : nvt/nimda.nasl
2005-11-03 Name : RDS / MDAC Vulnerability (msadcs.dll) located
File : nvt/msadcs_dll.nasl
2005-11-03 Name : IIS XSS via 404 error
File : nvt/iis_xss_404.nasl
2005-11-03 Name : IIS 5.0 WebDav Memory Leakage
File : nvt/iis_webdav_lock_memory_leak.nasl
2005-11-03 Name : Check for dangerous IIS default files
File : nvt/iis_viewcode.nasl
2005-11-03 Name : IIS FrontPage DoS
File : nvt/IIS_frontpage_DOS_2.nasl
2005-11-03 Name : Private IP address leaked in HTTP headers
File : nvt/iis_nat.nasl
2005-11-03 Name : IIS .IDA ISAPI filter applied
File : nvt/iis_ida_isapi.nasl
2005-11-03 Name : Test Microsoft IIS Source Fragment Disclosure
File : nvt/iis_frag_disclosure.nasl
2005-11-03 Name : IIS directory traversal
File : nvt/iis_dir_traversal.nasl
2005-11-03 Name : IIS Remote Command Execution
File : nvt/iis_decode_bug.nasl
2005-11-03 Name : Codebrws.asp Source Disclosure Vulnerability
File : nvt/iis_codebrws.nasl
2005-11-03 Name : IIS IDA/IDQ Path Disclosure
File : nvt/iis_anything_idq.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2009-B-0052 Microsoft FTP Service for Internet Information Services (IIS) Remote Code Exe...
Severity: Category I - VMSKEY: V0021742
2008-B-0075 Microsoft Internet Printing Service Remote Code Execution Vulnerability
Severity: Category I - VMSKEY: V0017793

Snort® IPS/IDS

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 anot.htr access
RuleID : 996-community - Type : SERVER-IIS - Revision : 20
2014-01-10 anot.htr access
RuleID : 996 - Type : SERVER-IIS - Revision : 20
2014-01-10 ism.dll access
RuleID : 995-community - Type : SERVER-IIS - Revision : 26
2014-01-10 ism.dll access
RuleID : 995 - Type : SERVER-IIS - Revision : 26
2014-01-10 iisadmin access
RuleID : 993-community - Type : SERVER-IIS - Revision : 22
2014-01-10 iisadmin access
RuleID : 993 - Type : SERVER-IIS - Revision : 22
2014-01-10 achg.htr access
RuleID : 991-community - Type : SERVER-IIS - Revision : 20
2014-01-10 achg.htr access
RuleID : 991 - Type : SERVER-IIS - Revision : 20
2014-01-10 .htr access file download request
RuleID : 987-community - Type : FILE-IDENTIFY - Revision : 32
2014-01-10 .htr access file download request
RuleID : 987 - Type : FILE-IDENTIFY - Revision : 32
2014-01-10 JET VBA access
RuleID : 985-community - Type : SERVER-IIS - Revision : 22
2014-01-10 JET VBA access
RuleID : 985 - Type : SERVER-IIS - Revision : 22
2014-01-10 JET VBA access
RuleID : 984-community - Type : SERVER-IIS - Revision : 25
2014-01-10 JET VBA access
RuleID : 984 - Type : SERVER-IIS - Revision : 25
2014-01-10 unicode directory traversal attempt
RuleID : 983 - Type : WEB-IIS - Revision : 13
2014-01-10 unicode directory traversal attempt
RuleID : 982 - Type : WEB-IIS - Revision : 13
2014-01-10 unicode directory traversal attempt
RuleID : 981 - Type : WEB-IIS - Revision : 13
2014-01-10 Alternate Data streams ASP file access attempt
RuleID : 975-community - Type : SERVER-IIS - Revision : 27
2014-01-10 Alternate Data streams ASP file access attempt
RuleID : 975 - Type : SERVER-IIS - Revision : 27
2014-01-10 *.idc attempt
RuleID : 973-community - Type : SERVER-IIS - Revision : 24
2014-01-10 *.idc attempt
RuleID : 973 - Type : SERVER-IIS - Revision : 24
2014-01-10 multiple decode attempt
RuleID : 970 - Type : WEB-IIS - Revision : 14
2014-01-10 Microsoft Frontpage shtml.exe access
RuleID : 962-community - Type : SERVER-OTHER - Revision : 25
2014-01-10 Microsoft Frontpage shtml.exe access
RuleID : 962 - Type : SERVER-OTHER - Revision : 25
2014-01-10 Microsoft Frontpage shtml.dll access
RuleID : 940-community - Type : SERVER-OTHER - Revision : 29

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-04-03 Name: The remote web server may allow remote code execution.
File: iis_7_pci.nasl - Type: ACT_GATHER_INFO
2009-10-13 Name: The remote anonymous FTP server seems vulnerable to an arbitrary code executi...
File: iis5_ftp_overflow.nasl - Type: ACT_DENIAL
2009-10-13 Name: The remote FTP server is affected by multiple vulnerabilities.
File: smb_nt_ms09-053.nasl - Type: ACT_GATHER_INFO
2008-10-15 Name: It is possible to execute arbitrary code on the remote host via the internet ...
File: smb_nt_ms08-062.nasl - Type: ACT_GATHER_INFO
2004-07-13 Name: Arbitrary code can be executed on the remote web server.
File: smb_nt_ms04-021.nasl - Type: ACT_GATHER_INFO
2003-10-08 Name: The remote web server is affected by an information disclosure vulnerability.
File: iis_auth_scheme.nasl - Type: ACT_GATHER_INFO
2003-07-22 Name: The remote web server is vulnerable to a denial of service
File: IIS_frontpage_DOS_2.nasl - Type: ACT_DENIAL
2003-06-02 Name: Arbitrary code can be executed on the remote web server.
File: smb_nt_ms03-018.nasl - Type: ACT_GATHER_INFO
2003-03-23 Name: The remote web server is affected by an information disclosure flaw.
File: iis_unc_mapped_virt_host_vuln.nasl - Type: ACT_GATHER_INFO
2003-03-15 Name: The remote web server is affected by a cross-site scripting vulnerability.
File: frontpage_xss.nasl - Type: ACT_GATHER_INFO
2003-03-13 Name: A web application running on the remote host has a buffer overflow vulnerabil...
File: fp_fpcount.nasl - Type: ACT_GATHER_INFO
2003-03-12 Name: The remote host is vulnerable to privilege escalation.
File: smb_nt_ms02-001.nasl - Type: ACT_GATHER_INFO
2002-06-13 Name: The remote web server is affected by a buffer overflow vulnerability.
File: iis_htr_overflow.nasl - Type: ACT_DESTRUCTIVE_ATTACK
2002-05-22 Name: Some files may be read on the remote host.
File: iis_codebrws.nasl - Type: ACT_GATHER_INFO
2002-04-23 Name: Arbitrary code can be executed on the remote host through the web server.
File: smb_nt_ms02-018.nasl - Type: ACT_GATHER_INFO
2002-04-11 Name: The remote web server is affected by a denial of service vulnerability.
File: iis_frontpage_dos.nasl - Type: ACT_DENIAL
2002-04-11 Name: The remote web server is affected by multiple vulnerabilities.
File: iis_xss_404.nasl - Type: ACT_GATHER_INFO
2002-04-10 Name: The remote web server is affected by multiple buffer overflow vulnerabilities.
File: iis_asp_overflow.nasl - Type: ACT_DESTRUCTIVE_ATTACK
2002-04-10 Name: The remote FTP server is prone to a denial of service attack.
File: msftp_dos.nasl - Type: ACT_DENIAL
2002-04-10 Name: The remote web server is affected by a buffer overflow vulnerability.
File: iis_htr_isapi.nasl - Type: ACT_GATHER_INFO
2002-02-05 Name: The remote host is affected by a cross-site scripting vulnerability.
File: asp_net_css.nasl - Type: ACT_ATTACK
2001-09-14 Name: This web server leaks a private IP address through its HTTP headers.
File: iis_nat.nasl - Type: ACT_GATHER_INFO
2001-06-19 Name: The remote web server is affected by multiple vulnerabilities.
File: iis_isapi_overflow.nasl - Type: ACT_ATTACK
2001-05-29 Name: The remote web server is affected by an information disclosure vulnerability.
File: iis_frag_disclosure.nasl - Type: ACT_GATHER_INFO
2001-05-15 Name: Arbitrary commands can be executed on the remote web server.
File: iis_decode_bug.nasl - Type: ACT_GATHER_INFO