Microsoft Internet Information Server (IIS) 4.0

CPE Details

Microsoft Internet Information Server (IIS) 4.0
microsoft
internet_information_services
4.0
2020-11-23
18h49 +00:00
2020-11-23
18h49 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:microsoft:internet_information_services:4.0:*:*:*:*:*:*:*

Informations

Vendor

microsoft

Product

internet_information_services

Version

4.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2011-5279 2014-04-23 18h00 +00:00 CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header.
5
CVE-2009-4445 2009-12-29 18h00 +00:00 Microsoft Internet Information Services (IIS), when used in conjunction with unspecified third-party upload applications, allows remote attackers to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : (colon) and a safe extension, as demonstrated by an upload of a .asp:.jpg file that results in creation of an empty .asp file, related to support for the NTFS Alternate Data Streams (ADS) filename syntax. NOTE: it could be argued that this is a vulnerability in the third-party product, not IIS, because the third-party product should be applying its extension restrictions to the portion of the filename before the colon.
6