Microsoft Internet Information Server (IIS) 2.0

CPE Details

Microsoft Internet Information Server (IIS) 2.0
microsoft
internet_information_services
2.0
2020-11-23
18h49 +00:00
2020-11-23
18h49 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:microsoft:internet_information_services:2.0:*:*:*:*:*:*:*

Informations

Vendor

microsoft

Product

internet_information_services

Version

2.0

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2009-4445 2009-12-29 18h00 +00:00 Microsoft Internet Information Services (IIS), when used in conjunction with unspecified third-party upload applications, allows remote attackers to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : (colon) and a safe extension, as demonstrated by an upload of a .asp:.jpg file that results in creation of an empty .asp file, related to support for the NTFS Alternate Data Streams (ADS) filename syntax. NOTE: it could be argued that this is a vulnerability in the third-party product, not IIS, because the third-party product should be applying its extension restrictions to the portion of the filename before the colon.
6
CVE-2006-6579 2006-12-15 18h00 +00:00 Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine.
4.4
CVE-1999-0154 2001-09-12 02h00 +00:00 IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL.
5
CVE-2000-0649 2000-08-03 02h00 +00:00 IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
2.6
CVE-1999-0253 2000-02-04 04h00 +00:00 IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL.
7.5
CVE-1999-0450 2000-02-04 04h00 +00:00 In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).
7.5
CVE-1999-0281 1999-09-29 02h00 +00:00 Denial of service in IIS using long URLs.
5
CVE-1999-0412 1999-09-29 02h00 +00:00 In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.
7.5