| Microsoft-IIS | Number Of NVD | 104 | CRITICAL | 0 | HIGH | 40 | MEDIUM | 59 | LOW | 5 |
| URL | https://www.iis.net/ | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Explanation | This is a web application server that comes with Windows. IIS 7.5: Included with Windows 7 and Windows Server 2008 R2 IIS 8.0: Included with Windows 8 and Windows Server 2012 IIS 8.5: Included with Windows 8.1 and Windows Server 2012 R2 IIS 10.0: Included with Windows 10 and Windows Server 2016 and Windows Server 2019 The support expiration date will be determined according to the OS that is included. |
||||||||
| Tag | |||||||||
| No | Type | Name | URL |
|---|
| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support Service Pack Support |
Extended for a fee |
Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 91 | IIS 10.0 | 10.0 | Oct. 12, 2016 | Jan. 11, 2022 | Jan. 11, 2027 | 0 | 0 | 0 | 0 | ||
| 92 | IIS 8.5 | 8.5 | Nov. 13, 2013 | 0 | 0 | 0 | 0 | ||||
| 93 | IIS 8.0 | 8.0 | Oct. 30, 2012 | 0 | 0 | 0 | 0 | ||||
| 94 | IIS 7.5 | 7.5 | Oct. 22, 2009 | 0 | 0 | 0 | 0 | ||||
| 95 | IIS 7.0 | 7.0 | Jan. 25, 2007 | 0 | 0 | 0 | 0 | ||||
| 96 | IIS 6.0 | 6.0 | May 28, 2003 | 0 | 6 | 4 | 1 | ||||
| 97 | IIS 5.1 | 5.1 | Dec. 31, 2001 | 0 | 2 | 0 | 0 | ||||
| 98 | IIS 5.0 | 5.0 | May 17, 2000 | June 30, 2005 | July 13, 2010 | 0 | 4 | 5 | 0 | ||
| 99 | IIS 4.0 | 4.0 | 0 | 34 | 51 | 4 | |||||
| 100 | IIS 3.0 | 3.0 | 0 | 9 | 21 | 1 | |||||
| 101 | IIS 2.0 | 2.0 | 0 | 3 | 6 | 0 | |||||
| 102 | IIS 1.0 | 1.0 | 0 | 3 | 6 | 0 |
| No | CVSS3 CVSS2 |
Level Attach Vector |
Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date Published date |
Show Affected | Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 91 |
- 5.0 |
MEDIUM | IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory. |
CWE-200
Information Exposure |
CVE-1999-0348 | cpe:2.3:a:microsoft:internet_information_server:4.0:* |
2023-11-7 10:54 1999-01-27 |
Show | GitHub Exploit DB Packet Storm | ||||
| 92 |
- 7.5 |
HIGH | A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands. |
CWE-119
Incorrect Access of Indexable Resource ('Range Error') |
CVE-1999-0349 |
cpe:2.3:a:microsoft:internet_information_server:4.0:* cpe:2.3:a:microsoft:internet_information_server:3.0:* |
2023-11-7 10:54 1999-01-27 |
Show | GitHub Exploit DB Packet Storm | ||||
| 93 |
- 7.8 |
HIGH | The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts. |
NVD-CWE-Other
|
CVE-1999-0449 | cpe:2.3:a:microsoft:internet_information_server:4.0:* |
2008-09-9 21:34 1999-01-26 |
Show | GitHub Exploit DB Packet Storm | ||||
| 94 |
- 7.5 |
HIGH | In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe). |
NVD-CWE-Other
|
CVE-1999-0450 |
cpe:2.3:a:microsoft:internet_information_server:4.0:* cpe:2.3:a:microsoft:internet_information_server:3.0:* |
2020-11-24 04:49 1999-01-26 |
Show | GitHub Exploit DB Packet Storm | ||||
| 95 |
- 5.0 |
MEDIUM | Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command. |
NVD-CWE-Other
|
CVE-1999-1544 |
cpe:2.3:a:microsoft:internet_information_server:4.0:* cpe:2.3:a:microsoft:internet_information_server:3.0:* |
2016-10-18 11:05 1999-01-24 |
Show | GitHub Exploit DB Packet Storm | ||||
| 96 |
- 10.0 |
HIGH | Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands. |
NVD-CWE-Other
|
CVE-1999-1376 | cpe:2.3:a:microsoft:internet_information_server:4.0:* |
2016-10-18 11:03 1999-01-14 |
Show | GitHub Exploit DB Packet Storm | ||||
| 97 |
- 2.1 |
LOW | When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensiti… |
NVD-CWE-Other
|
CVE-1999-1538 | cpe:2.3:a:microsoft:internet_information_server:4.0:* |
2016-10-18 11:05 1999-01-14 |
Show | GitHub Exploit DB Packet Storm | ||||
| 98 |
- 5.0 |
MEDIUM | IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request. |
NVD-CWE-Other
|
CVE-1999-0448 | cpe:2.3:a:microsoft:internet_information_server:4.0:* |
2022-08-17 17:15 1999-01-1 |
Show | GitHub Exploit DB Packet Storm | ||||
| 99 |
- 5.0 |
MEDIUM | Information from SSL-encrypted sessions via PKCS #1. |
CWE-327
Use of a Broken or Risky Cryptographic Algorithm |
CVE-1999-0007 |
cpe:2.3:a:microsoft:internet_information_server:4.0:* cpe:2.3:a:microsoft:internet_information_server:3.0:* |
2020-04-2 22:31 1998-06-26 |
Show | GitHub Exploit DB Packet Storm | ||||
| 100 |
- 5.0 |
MEDIUM | In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL. |
NVD-CWE-Other
|
CVE-1999-0278 |
cpe:2.3:a:microsoft:internet_information_server:4.0:* cpe:2.3:a:microsoft:internet_information_server:3.0:* |
2018-10-13 06:29 1998-06-1 |
Show | GitHub Exploit DB Packet Storm |