Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Microsoft-IIS Number Of NVD 104 CRITICAL 0 HIGH 40 MEDIUM 59 LOW 5
URL https://www.iis.net/
Explanation This is a web application server that comes with Windows.

IIS 7.5: Included with Windows 7 and Windows Server 2008 R2
IIS 8.0: Included with Windows 8 and Windows Server 2012
IIS 8.5: Included with Windows 8.1 and Windows Server 2012 R2
IIS 10.0: Included with Windows 10 and Windows Server 2016 and Windows Server 2019

The support expiration date will be determined according to the OS that is included.
Tag
  • Microsoft
Add Information URL
No Type Name URL
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
1 IIS 10.0 10.0 Oct. 12, 2016 Jan. 11, 2022 Jan. 11, 2027 0 0 0 0
2 IIS 8.5 8.5 Nov. 13, 2013 0 0 0 0
3 IIS 8.0 8.0 Oct. 30, 2012 0 0 0 0
4 IIS 7.5 7.5 Oct. 22, 2009 0 0 0 0
5 IIS 7.0 7.0 Jan. 25, 2007 0 0 0 0
6 IIS 6.0 6.0 May 28, 2003 0 6 4 1
7 IIS 5.1 5.1 Dec. 31, 2001 0 2 0 0
8 IIS 5.0 5.0 May 17, 2000 June 30, 2005 July 13, 2010 0 4 5 0
9 IIS 4.0 4.0 0 34 51 4
10 IIS 3.0 3.0 0 9 21 1
11 IIS 2.0 2.0 0 3 6 0
12 IIS 1.0 1.0 0 3 6 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
1 -
4.3 		MEDIUM Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) … CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2010-1899 cpe:2.3:a:microsoft:internet_information_server:6.0:* 2024-11-21 10:15
2010-09-16 		Show GitHub Exploit DB Packet Storm
2 -
8.5 		HIGH Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors r… CWE-94
Code Injection 		CVE-2010-1256 cpe:2.3:a:microsoft:internet_information_server:6.0:* 2023-12-8 03:38
2010-06-9 		Show GitHub Exploit DB Packet Storm
3 -
2.6 		LOW Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conju… CWE-79
Cross-site Scripting 		CVE-2003-1582 cpe:2.3:a:microsoft:internet_information_server:6.0:* 2019-07-4 02:25
2010-02-6 		Show GitHub Exploit DB Packet Storm
4 -
9.0 		HIGH Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command … CWE-120
Classic Buffer Overflow 		CVE-2009-3023 cpe:2.3:a:microsoft:internet_information_server:*:* 5.0 6.0 2026-04-23 09:35
2009-09-1 		Show GitHub Exploit DB Packet Storm
5 -
7.2 		HIGH Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot… CWE-264
NVD-CWE-noinfo
Permissions, Privileges, and Access Controls 		CVE-2008-0074 cpe:2.3:a:microsoft:internet_information_server:6.0:beta
cpe:2.3:a:microsoft:internet_information_server:6.0:* 		2026-04-23 09:35
2008-02-13 		Show GitHub Exploit DB Packet Storm
6 -
10.0 		HIGH Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages. CWE-94
NVD-CWE-noinfo
Code Injection 		CVE-2008-0075 cpe:2.3:a:microsoft:internet_information_server:6.0:beta
cpe:2.3:a:microsoft:internet_information_server:6.0:* 		2026-04-23 09:35
2008-02-13 		Show GitHub Exploit DB Packet Storm
7 -
7.5 		HIGH Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communica… NVD-CWE-Other
CVE-2007-2897 cpe:2.3:a:microsoft:internet_information_server:6.0:* 2026-04-23 09:35
2007-05-30 		Show GitHub Exploit DB Packet Storm
8 -
4.4 		MEDIUM Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, a… NVD-CWE-Other
CVE-2006-6579 cpe:2.3:a:microsoft:internet_information_server:4.0:alpha
cpe:2.3:a:microsoft:internet_information_server:4.0:*
c… 		5.0 2026-04-23 09:35
2006-12-16 		Show GitHub Exploit DB Packet Storm
9 -
6.5 		MEDIUM Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP). NVD-CWE-Other
CVE-2006-0026 cpe:2.3:a:microsoft:internet_information_server:6.0:* 2020-11-24 04:49
2006-07-12 		Show GitHub Exploit DB Packet Storm
10 -
5.0 		MEDIUM Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it … NVD-CWE-Other
CVE-2005-2678 cpe:2.3:a:microsoft:internet_information_server:6.0:* 2020-11-24 04:49
2005-08-23 		Show GitHub Exploit DB Packet Storm