Microsoft Internet Information Server (IIS) 3.0

CPE Details

Microsoft Internet Information Server (IIS) 3.0
3.0
2020-11-23
18h49 +00:00
2020-11-23
18h49 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:microsoft:internet_information_services:3.0:*:*:*:*:*:*:*

Informations

Vendor

microsoft

Product

internet_information_services

Version

3.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2009-4445 2009-12-29 18h00 +00:00 Microsoft Internet Information Services (IIS), when used in conjunction with unspecified third-party upload applications, allows remote attackers to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : (colon) and a safe extension, as demonstrated by an upload of a .asp:.jpg file that results in creation of an empty .asp file, related to support for the NTFS Alternate Data Streams (ADS) filename syntax. NOTE: it could be argued that this is a vulnerability in the third-party product, not IIS, because the third-party product should be applying its extension restrictions to the portion of the filename before the colon.
6