This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Microsoft
Product : Internet Information Services
Version : 5.0
Update : *
Edition : *
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *
First view : 1999-01-26
Last view : 2014-04-23
Type : Application

CPE Product : cpe:2.3:a:microsoft:internet_information_services

Activity : Overall

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5 2014-04-23 CVE-2011-5279

CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header.

6 2009-12-29 CVE-2009-4445

Microsoft Internet Information Services (IIS), when used in conjunction with unspecified third-party upload applications, allows remote attackers to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : (colon) and a safe extension, as demonstrated by an upload of a .asp:.jpg file that results in creation of an empty .asp file, related to support for the NTFS Alternate Data Streams (ADS) filename syntax. NOTE: it could be argued that this is a vulnerability in the third-party product, not IIS, because the third-party product should be applying its extension restrictions to the portion of the filename before the colon.

6 2009-12-29 CVE-2009-4444

Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a ; (semicolon) character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a (1) .asp, (2) .cer, or (3) .asa first extension, followed by a semicolon and a safe extension, as demonstrated by the use of asp.dll to handle a .asp;.jpg file.

5 2009-09-04 CVE-2009-2521

Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka "IIS FTP Service DoS Vulnerability."

9 2009-08-31 CVE-2009-3023

Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability."

7.5 2009-06-10 CVE-2009-1122

The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.

5.8 2009-01-14 CVE-2003-1567

The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE.

5 2009-01-14 CVE-2003-1566

Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection.

9 2008-10-14 CVE-2008-1446

Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."

7.2 2008-02-12 CVE-2008-0074

Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.

10 2007-05-22 CVE-2007-2815

The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw.

4.4 2006-12-15 CVE-2006-6579

Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine.

6.5 2006-07-11 CVE-2006-0026

Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).

5 2005-08-23 CVE-2005-2678

Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.

4.3 2005-07-05 CVE-2005-2089

Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

5 2004-11-03 CVE-2003-0718

The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.

5 2003-06-09 CVE-2003-0226

Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled.

5 2003-06-09 CVE-2003-0225

The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allows remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page.

10 2003-06-09 CVE-2003-0224

Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun."

6.8 2003-06-09 CVE-2003-0223

Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message.

5 2002-12-31 CVE-2002-1908

Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with a Host header that contains a large number of "/" (forward slash) characters.

5 2002-12-31 CVE-2002-1790

The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682.

7.5 2002-12-31 CVE-2002-1745

Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing one additional character after .html, .htm, .asp, or .inc, such as .aspx files.

5 2002-12-31 CVE-2002-1744

Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 allows remote attackers to view source code and determine the existence of arbitrary files via a hex-encoded "%c0%ae%c0%ae" string, which is the Unicode representation for ".." (dot dot).

4.3 2002-12-31 CVE-2002-1700

Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message.

CWE : Common Weakness Enumeration

% id Name
23% (4) CWE-200 Information Exposure
11% (2) CWE-264 Permissions, Privileges, and Access Controls
11% (2) CWE-20 Improper Input Validation
5% (1) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
5% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
5% (1) CWE-287 Improper Authentication
5% (1) CWE-193 Off-by-one Error
5% (1) CWE-190 Integer Overflow or Wraparound
5% (1) CWE-131 Incorrect Calculation of Buffer Size
5% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
5% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
5% (1) CWE-16 Configuration

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-19 Embedding Scripts within Scripts
CAPEC-33 HTTP Request Smuggling
CAPEC-38 Leveraging/Manipulating Configuration File Search Paths
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic
CAPEC-81 Web Logs Tampering
CAPEC-100 Overflow Buffers
CAPEC-105 HTTP Request Splitting
CAPEC-123 Buffer Attacks
CAPEC-198 Cross-Site Scripting in Error Pages

SAINT Exploits

Description
IIS Unicode Directory Traversal
Microsoft IIS .HTR ISAPI chunked encoding buffer overflow
IIS Double Decoding Directory Traversal
Microsoft IIS FTP Server NLST Command Remote Overflow
Microsoft IIS ASP chunked encoding buffer overflow

Open Source Vulnerability Database (OSVDB)

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
61432 Microsoft IIS Colon Safe Extension NTFS ADS Filename Syntax Arbitrary Remote ...
61294 Microsoft IIS ASP Crafted semicolon Extension Security Bypass
59892 Microsoft IIS Malformed Host Header Remote DoS
59621 Microsoft IIS CodeBrws.asp Off-By-One File Check Bypass Source Disclosure
59561 Microsoft IIS CodeBrws.asp Encoded Traversal Arbitrary File Source Disclosure
57753 Microsoft IIS FTP Server Crafted Recursive Listing Remote DoS
57589 Microsoft IIS FTP Server NLST Command Remote Overflow
56474 Microsoft IIS WebDAV Extension URL Decode Crafted HTTP Request Authentication...
49059 Microsoft IIS IPP Service Unspecified Remote Overflow
43451 Microsoft IIS HTTP Request Smuggling
41456 Microsoft IIS File Change Handling Local Privilege Escalation
41091 Microsoft IIS webhits.dll Hit-Highlighting Authentication Bypass
35962 Microsoft Windows XP Registry QHEADLES Permission Weakness
28260 Microsoft IIS FrontPage Server Extensions (FPSE) shtml.exe Path Disclosure
27152 Microsoft Windows IIS ASP Page Processing Overflow
27087 Microsoft IIS SMTP Encapsulated SMTP Address Open Relay
21557 ColdFusion MX Error Message XSS
21537 Microsoft IIS Log File Permission Weakness Remote Modification
18926 Microsoft IIS SERVER_NAME Variable Spoofing Filter Bypass
17124 Microsoft IIS Malformed WebDAV Request DoS
17123 Microsoft IIS Multiple Unspecified Admin Pages XSS
17122 Microsoft IIS Permission Weakness .COM File Upload
14229 Microsoft IIS asp.dll Scripting.FileSystemObject Malformed Program DoS
13985 Microsoft IIS Malformed HTTP Request Log Entry Spoofing
13761 Microsoft Exchange 2000 Malformed URL Request DoS

ExploitDB Exploits

id Description
4016 Microsoft IIS <= 5.1 Hit Highlighting Authentication Bypass Exploit

OpenVAS Exploits

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-07-04 Name : Microsoft IIS FTP Connection Status Request Denial of Service Vulnerability
File : nvt/gb_ms02-018_remote.nasl
2012-07-03 Name : Microsoft IIS Malformed File Extension Denial of Service Vulnerability
File : nvt/gb_ms00-30_remote.nasl
2011-01-13 Name : Microsoft Internet Information Services Privilege Elevation Vulnerability (94...
File : nvt/gb_ms08-005.nasl
2009-10-15 Name : Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)
File : nvt/secpod_ms09-053.nasl
2009-09-18 Name : Microsoft IIS FTP Server 'ls' Command DOS Vulnerability
File : nvt/secpod_ms_iis_ftpd_ls_dos_vuln.nasl
2009-09-02 Name : Microsoft IIS FTPd NLST stack overflow
File : nvt/microsoft-iis-nlst-stack-overflow.nasl
2009-06-10 Name : Microsoft IIS Security Bypass Vulnerability (970483)
File : nvt/secpod_ms09-020.nasl
2009-03-16 Name : Microsoft MS03-018 security check
File : nvt/remote-MS03-018.nasl
2009-03-16 Name : Microsoft MS00-078 security check
File : nvt/remote-MS00-078.nasl
2009-03-15 Name : Microsoft MS00-058 security check
File : nvt/remote-MS00-058.nasl
2009-03-08 Name : Microsoft MS00-060 security check
File : nvt/remote-MS00-060.nasl
2008-10-15 Name : Windows Internet Printing Service Allow Remote Code Execution Vulnerability (...
File : nvt/secpod_ms08-062_900052.nasl
2005-11-03 Name : Private IP address Leaked using the PROPFIND method
File : nvt/propfind_internal_ip.nasl
2005-11-03 Name : http TRACE XSS attack
File : nvt/xst_http_trace.nasl
2005-11-03 Name : Cumulative Patch for Internet Information Services (Q327696)
File : nvt/smb_nt_ms02-018.nasl
2005-11-03 Name : ASP/ASA source using Microsoft Translate f: bug
File : nvt/translate_f.nasl
2005-11-03 Name : IIS FrontPage DoS
File : nvt/IIS_frontpage_DOS_2.nasl
2005-11-03 Name : Tests for Nimda Worm infected HTML files
File : nvt/nimda.nasl
2005-11-03 Name : MSDTC denial of service by flooding with nul bytes
File : nvt/msdtc_dos.nasl
2005-11-03 Name : IIS XSS via 404 error
File : nvt/iis_xss_404.nasl
2005-11-03 Name : IIS 5.0 WebDav Memory Leakage
File : nvt/iis_webdav_lock_memory_leak.nasl
2005-11-03 Name : Microsoft IIS UNC Mapped Virtual Host Vulnerability
File : nvt/iis_unc_mapped_virt_host_vuln.nasl
2005-11-03 Name : IIS 5.0 PROPFIND Vulnerability
File : nvt/iis_propfind2.nasl
2005-11-03 Name : Private IP address leaked in HTTP headers
File : nvt/iis_nat.nasl
2005-11-03 Name : IIS .IDA ISAPI filter applied
File : nvt/iis_ida_isapi.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2009-B-0052 Microsoft FTP Service for Internet Information Services (IIS) Remote Code Exe...
Severity: Category I - VMSKEY: V0021742
2009-B-0022 Multiple vulnerabilities in Microsoft Internet Information Services (IIS)
Severity: Category II - VMSKEY: V0019400
2008-B-0075 Microsoft Internet Printing Service Remote Code Execution Vulnerability
Severity: Category I - VMSKEY: V0017793

Snort® IPS/IDS

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 ism.dll access
RuleID : 995-community - Type : SERVER-IIS - Revision : 26
2014-01-10 ism.dll access
RuleID : 995 - Type : SERVER-IIS - Revision : 26
2014-01-10 .htr access file download request
RuleID : 987-community - Type : FILE-IDENTIFY - Revision : 32
2014-01-10 .htr access file download request
RuleID : 987 - Type : FILE-IDENTIFY - Revision : 32
2014-01-10 unicode directory traversal attempt
RuleID : 983 - Type : WEB-IIS - Revision : 13
2014-01-10 unicode directory traversal attempt
RuleID : 982 - Type : WEB-IIS - Revision : 13
2014-01-10 unicode directory traversal attempt
RuleID : 981 - Type : WEB-IIS - Revision : 13
2014-01-10 multiple decode attempt
RuleID : 970 - Type : WEB-IIS - Revision : 14
2014-01-10 Microsoft Frontpage shtml.exe access
RuleID : 962-community - Type : SERVER-OTHER - Revision : 25
2014-01-10 Microsoft Frontpage shtml.exe access
RuleID : 962 - Type : SERVER-OTHER - Revision : 25
2014-01-10 Microsoft Frontpage shtml.dll access
RuleID : 940-community - Type : SERVER-OTHER - Revision : 29
2014-01-10 Microsoft Frontpage shtml.dll access
RuleID : 940 - Type : SERVER-OTHER - Revision : 29
2014-01-10 Microsoft Frontpage posting
RuleID : 939-community - Type : SERVER-OTHER - Revision : 23
2014-01-10 Microsoft Frontpage posting
RuleID : 939 - Type : SERVER-OTHER - Revision : 23
2014-01-10 Microsoft Frontpage _vti_rpc access
RuleID : 937-community - Type : SERVER-OTHER - Revision : 22
2014-01-10 Microsoft Frontpage _vti_rpc access
RuleID : 937 - Type : SERVER-OTHER - Revision : 22
2014-01-10 Microsoft NLST * dos attempt
RuleID : 8481 - Type : PROTOCOL-FTP - Revision : 11
2014-01-10 file copied ok
RuleID : 497-community - Type : INDICATOR-COMPROMISE - Revision : 21
2014-01-10 file copied ok
RuleID : 497 - Type : INDICATOR-COMPROMISE - Revision : 21
2014-01-10 command completed
RuleID : 494-community - Type : INDICATOR-COMPROMISE - Revision : 21
2014-01-10 command completed
RuleID : 494 - Type : INDICATOR-COMPROMISE - Revision : 21
2014-01-10 httpodbc.dll access - nimda
RuleID : 3201 - Type : SERVER-IIS - Revision : 14
2014-01-10 .bat executable file parsing attack
RuleID : 3194-community - Type : SERVER-IIS - Revision : 16
2014-01-10 .bat executable file parsing attack
RuleID : 3194 - Type : SERVER-IIS - Revision : 16
2014-01-10 .cmd executable file parsing attack
RuleID : 3193-community - Type : SERVER-IIS - Revision : 17

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-04-03 Name: The remote web server may allow remote code execution.
File: iis_7_pci.nasl - Type: ACT_GATHER_INFO
2009-10-13 Name: The remote anonymous FTP server seems vulnerable to an arbitrary code executi...
File: iis5_ftp_overflow.nasl - Type: ACT_DENIAL
2009-10-13 Name: The remote FTP server is affected by multiple vulnerabilities.
File: smb_nt_ms09-053.nasl - Type: ACT_GATHER_INFO
2009-06-10 Name: It is possible to bypass authentication on the remote web server.
File: smb_nt_ms09-020.nasl - Type: ACT_GATHER_INFO
2008-10-15 Name: It is possible to execute arbitrary code on the remote host via the internet ...
File: smb_nt_ms08-062.nasl - Type: ACT_GATHER_INFO
2008-03-25 Name: The remote web server contains a module which may allow an attacker to bypass...
File: iis_htw_auth_bypass.nasl - Type: ACT_GATHER_INFO
2008-02-12 Name: A local user can elevate his privileges on the remote host.
File: smb_nt_ms08-005.nasl - Type: ACT_GATHER_INFO
2006-07-11 Name: It is possible to use the remote web server to exploit arbitrary code on the ...
File: smb_nt_ms06-034.nasl - Type: ACT_GATHER_INFO
2005-09-08 Name: The remote host has an application that is affected by a source code disclosu...
File: translate_f_51.nasl - Type: ACT_GATHER_INFO
2004-10-12 Name: It is possible to crash the remote web server.
File: smb_nt_ms04-030.nasl - Type: ACT_GATHER_INFO
2004-03-18 Name: This web server leaks a private IP address through its WebDAV interface.
File: propfind_internal_ip.nasl - Type: ACT_GATHER_INFO
2003-10-08 Name: The remote web server is affected by an information disclosure vulnerability.
File: iis_auth_scheme.nasl - Type: ACT_GATHER_INFO
2003-07-22 Name: The remote web server is vulnerable to a denial of service
File: IIS_frontpage_DOS_2.nasl - Type: ACT_DENIAL
2003-06-02 Name: Arbitrary code can be executed on the remote web server.
File: smb_nt_ms03-018.nasl - Type: ACT_GATHER_INFO
2003-03-23 Name: The remote web server is affected by an information disclosure flaw.
File: iis_unc_mapped_virt_host_vuln.nasl - Type: ACT_GATHER_INFO
2003-03-15 Name: The remote web server is affected by a cross-site scripting vulnerability.
File: frontpage_xss.nasl - Type: ACT_GATHER_INFO
2003-03-12 Name: The remote host is vulnerable to privilege escalation.
File: smb_nt_ms02-001.nasl - Type: ACT_GATHER_INFO
2003-01-23 Name: Debugging functions are enabled on the remote web server.
File: xst_http_trace.nasl - Type: ACT_GATHER_INFO
2002-06-13 Name: The remote web server is affected by a buffer overflow vulnerability.
File: iis_htr_overflow.nasl - Type: ACT_DESTRUCTIVE_ATTACK
2002-04-23 Name: Arbitrary code can be executed on the remote host through the web server.
File: smb_nt_ms02-018.nasl - Type: ACT_GATHER_INFO
2002-04-20 Name: The remote service is prone to a denial of service attack.
File: msdtc_dos.nasl - Type: ACT_DENIAL
2002-04-11 Name: The remote web server is affected by a denial of service vulnerability.
File: iis_frontpage_dos.nasl - Type: ACT_DENIAL
2002-04-11 Name: The remote web server is affected by multiple vulnerabilities.
File: iis_xss_404.nasl - Type: ACT_GATHER_INFO
2002-04-10 Name: The remote web server is affected by a buffer overflow vulnerability.
File: iis_htr_isapi.nasl - Type: ACT_GATHER_INFO
2002-04-10 Name: The remote web server is affected by multiple buffer overflow vulnerabilities.
File: iis_asp_overflow.nasl - Type: ACT_DESTRUCTIVE_ATTACK