Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Microsoft-IIS Number Of NVD 104 CRITICAL 0 HIGH 40 MEDIUM 59 LOW 5
URL https://www.iis.net/
Explanation This is a web application server that comes with Windows.

IIS 7.5: Included with Windows 7 and Windows Server 2008 R2
IIS 8.0: Included with Windows 8 and Windows Server 2012
IIS 8.5: Included with Windows 8.1 and Windows Server 2012 R2
IIS 10.0: Included with Windows 10 and Windows Server 2016 and Windows Server 2019

The support expiration date will be determined according to the OS that is included.
Tag
  • Microsoft
Add Information URL
No Type Name URL
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
11 IIS 10.0 10.0 Oct. 12, 2016 Jan. 11, 2022 Jan. 11, 2027 0 0 0 0
12 IIS 8.5 8.5 Nov. 13, 2013 0 0 0 0
13 IIS 8.0 8.0 Oct. 30, 2012 0 0 0 0
14 IIS 7.5 7.5 Oct. 22, 2009 0 0 0 0
15 IIS 7.0 7.0 Jan. 25, 2007 0 0 0 0
16 IIS 6.0 6.0 May 28, 2003 0 6 4 1
17 IIS 5.1 5.1 Dec. 31, 2001 0 2 0 0
18 IIS 5.0 5.0 May 17, 2000 June 30, 2005 July 13, 2010 0 4 5 0
19 IIS 4.0 4.0 0 34 51 4
20 IIS 3.0 3.0 0 9 21 1
21 IIS 2.0 2.0 0 3 6 0
22 IIS 1.0 1.0 0 3 6 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
11 -
5.0 		MEDIUM The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND… NVD-CWE-Other
CVE-2003-0718 cpe:2.3:a:microsoft:internet_information_server:6.0:* 2020-11-24 04:49
2004-11-3 		Show GitHub Exploit DB Packet Storm
12 -
7.2 		HIGH Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function. NVD-CWE-Other
CVE-2004-0205 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2018-10-13 06:34
2004-08-6 		Show GitHub Exploit DB Packet Storm
13 -
6.8 		MEDIUM Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL contai… NVD-CWE-Other
CVE-2003-0223 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2020-11-24 04:49
2003-06-9 		Show GitHub Exploit DB Packet Storm
14 -
5.0 		MEDIUM The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a lar… NVD-CWE-Other
CVE-2003-0225 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2018-10-31 01:25
2003-06-9 		Show GitHub Exploit DB Packet Storm
15 -
5.0 		MEDIUM Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is … NVD-CWE-Other
CVE-2002-1694 cpe:2.3:a:microsoft:internet_information_server:4.0:*
cpe:2.3:a:microsoft:internet_information_server:4.0:* 		2018-10-31 01:25
2002-12-31 		Show GitHub Exploit DB Packet Storm
16 -
5.0 		MEDIUM Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security … NVD-CWE-Other
CVE-2002-1695 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2018-10-31 01:25
2002-12-31 		Show GitHub Exploit DB Packet Storm
17 -
5.0 		MEDIUM The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, … NVD-CWE-noinfo
CVE-2002-1790 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2020-04-9 22:47
2002-12-31 		Show GitHub Exploit DB Packet Storm
18 -
7.5 		HIGH Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process ap… NVD-CWE-Other
CVE-2002-0869 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2020-11-24 04:49
2002-11-12 		Show GitHub Exploit DB Packet Storm
19 -
6.8 		MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as ot… NVD-CWE-Other
CVE-2002-1181 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2020-11-24 04:49
2002-11-12 		Show GitHub Exploit DB Packet Storm
20 -
5.0 		MEDIUM Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in cert… CWE-200
Information Exposure 		CVE-2002-0419 cpe:2.3:a:microsoft:internet_information_server:4.0:alpha
cpe:2.3:a:microsoft:internet_information_server:4.0:* 		2020-11-24 04:49
2002-08-12 		Show GitHub Exploit DB Packet Storm