| Microsoft-IIS | Number Of NVD | 104 | CRITICAL | 0 | HIGH | 40 | MEDIUM | 59 | LOW | 5 |
| URL | https://www.iis.net/ | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Explanation | This is a web application server that comes with Windows. IIS 7.5: Included with Windows 7 and Windows Server 2008 R2 IIS 8.0: Included with Windows 8 and Windows Server 2012 IIS 8.5: Included with Windows 8.1 and Windows Server 2012 R2 IIS 10.0: Included with Windows 10 and Windows Server 2016 and Windows Server 2019 The support expiration date will be determined according to the OS that is included. |
||||||||
| Tag | |||||||||
| No | Type | Name | URL |
|---|
| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support Service Pack Support |
Extended for a fee |
Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 101 | IIS 10.0 | 10.0 | Oct. 12, 2016 | Jan. 11, 2022 | Jan. 11, 2027 | 0 | 0 | 0 | 0 | ||
| 102 | IIS 8.5 | 8.5 | Nov. 13, 2013 | 0 | 0 | 0 | 0 | ||||
| 103 | IIS 8.0 | 8.0 | Oct. 30, 2012 | 0 | 0 | 0 | 0 | ||||
| 104 | IIS 7.5 | 7.5 | Oct. 22, 2009 | 0 | 0 | 0 | 0 | ||||
| 105 | IIS 7.0 | 7.0 | Jan. 25, 2007 | 0 | 0 | 0 | 0 | ||||
| 106 | IIS 6.0 | 6.0 | May 28, 2003 | 0 | 6 | 4 | 1 | ||||
| 107 | IIS 5.1 | 5.1 | Dec. 31, 2001 | 0 | 2 | 0 | 0 | ||||
| 108 | IIS 5.0 | 5.0 | May 17, 2000 | June 30, 2005 | July 13, 2010 | 0 | 4 | 5 | 0 | ||
| 109 | IIS 4.0 | 4.0 | 0 | 34 | 51 | 4 | |||||
| 110 | IIS 3.0 | 3.0 | 0 | 9 | 21 | 1 | |||||
| 111 | IIS 2.0 | 2.0 | 0 | 3 | 6 | 0 | |||||
| 112 | IIS 1.0 | 1.0 | 0 | 3 | 6 | 0 |
| No | CVSS3 CVSS2 |
Level Attach Vector |
Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date Published date |
Show Affected | Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 101 |
- 5.0 |
MEDIUM | Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names. |
NVD-CWE-Other
|
CVE-1999-0012 | cpe:2.3:a:microsoft:internet_information_server:4.0:* |
2022-08-17 16:15 1998-02-6 |
Show | GitHub Exploit DB Packet Storm | ||||
| 102 |
- 6.4 |
MEDIUM | IIS newdsn.exe CGI script allows remote users to overwrite files. |
NVD-CWE-Other
|
CVE-1999-0191 | cpe:2.3:a:microsoft:internet_information_server:3.0:* |
2008-09-9 21:33 1997-09-1 |
Show | GitHub Exploit DB Packet Storm | ||||
| 103 |
- 5.0 |
MEDIUM | Denial of service in IIS using long URLs. |
NVD-CWE-Other
|
CVE-1999-0281 | cpe:2.3:a:microsoft:internet_information_server:3.0:* |
2022-08-17 17:15 1997-06-1 |
Show | GitHub Exploit DB Packet Storm | ||||
| 104 |
- 7.5 |
HIGH | IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL. |
NVD-CWE-Other
|
CVE-1999-0253 | cpe:2.3:a:microsoft:internet_information_server:3.0:* |
2022-08-17 15:15 1997-01-1 |
Show | GitHub Exploit DB Packet Storm |