Search
Total
113 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0407 | 1 Microsoft | 1 Internet Information Server | 2016-10-18 | 10.0 HIGH | N/A |
| By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. | |||||
| CVE-2013-0941 | 3 Apache, Microsoft, Rsa | 7 Http Server, Internet Information Server, Windows and 4 more | 2013-05-23 | 2.1 LOW | N/A |
| EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data. | |||||
| CVE-2013-0942 | 3 Apache, Emc, Microsoft | 3 Http Server, Rsa Authentication Agent, Internet Information Server | 2013-05-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2000-0167 | 1 Microsoft | 1 Internet Information Server | 2008-09-10 | 2.1 LOW | N/A |
| IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory. | |||||
| CVE-2000-0126 | 1 Microsoft | 1 Internet Information Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack. | |||||
| CVE-2000-0115 | 1 Microsoft | 1 Internet Information Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page. | |||||
| CVE-2000-0114 | 1 Microsoft | 1 Internet Information Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory. | |||||
| CVE-1999-0229 | 1 Microsoft | 1 Internet Information Server | 2008-09-09 | 5.0 MEDIUM | N/A |
| Denial of service in Windows NT IIS server using ..\.. | |||||
| CVE-1999-0449 | 1 Microsoft | 1 Internet Information Server | 2008-09-09 | 7.8 HIGH | N/A |
| The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts. | |||||
| CVE-1999-0448 | 1 Microsoft | 1 Internet Information Server | 2008-09-09 | 5.0 MEDIUM | N/A |
| IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request. | |||||
| CVE-1999-0012 | 2 Microsoft, Netscape | 5 Frontpage, Internet Information Server, Personal Web Server and 2 more | 2008-09-09 | 5.0 MEDIUM | N/A |
| Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names. | |||||
| CVE-1999-0191 | 1 Microsoft | 1 Internet Information Server | 2008-09-09 | 6.4 MEDIUM | N/A |
| IIS newdsn.exe CGI script allows remote users to overwrite files. | |||||
| CVE-1999-1591 | 1 Microsoft | 2 Internet Information Server, Visual Interdev | 2008-09-05 | 7.5 HIGH | N/A |
| Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0. | |||||