Microsoft Internet Information Server (IIS) 1.0

CPE Details

Microsoft Internet Information Server (IIS) 1.0
microsoft
internet_information_services
1.0
2020-11-23
18h49 +00:00
2020-11-23
18h49 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:microsoft:internet_information_services:1.0:*:*:*:*:*:*:*

Informations

Vendor

microsoft

Product

internet_information_services

Version

1.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2009-4445 2009-12-29 18h00 +00:00 Microsoft Internet Information Services (IIS), when used in conjunction with unspecified third-party upload applications, allows remote attackers to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : (colon) and a safe extension, as demonstrated by an upload of a .asp:.jpg file that results in creation of an empty .asp file, related to support for the NTFS Alternate Data Streams (ADS) filename syntax. NOTE: it could be argued that this is a vulnerability in the third-party product, not IIS, because the third-party product should be applying its extension restrictions to the portion of the filename before the colon.
6
CVE-2006-6579 2006-12-15 18h00 +00:00 Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine.
4.4
CVE-1999-0253 2000-02-04 04h00 +00:00 IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL.
7.5
CVE-1999-0233 2000-01-18 04h00 +00:00 IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files.
10