Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Microsoft-IIS Number Of NVD 104 CRITICAL 0 HIGH 40 MEDIUM 59 LOW 5
URL https://www.iis.net/
Explanation This is a web application server that comes with Windows.

IIS 7.5: Included with Windows 7 and Windows Server 2008 R2
IIS 8.0: Included with Windows 8 and Windows Server 2012
IIS 8.5: Included with Windows 8.1 and Windows Server 2012 R2
IIS 10.0: Included with Windows 10 and Windows Server 2016 and Windows Server 2019

The support expiration date will be determined according to the OS that is included.
Tag
  • Microsoft
Add Information URL
No Type Name URL
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
31 IIS 10.0 10.0 Oct. 12, 2016 Jan. 11, 2022 Jan. 11, 2027 0 0 0 0
32 IIS 8.5 8.5 Nov. 13, 2013 0 0 0 0
33 IIS 8.0 8.0 Oct. 30, 2012 0 0 0 0
34 IIS 7.5 7.5 Oct. 22, 2009 0 0 0 0
35 IIS 7.0 7.0 Jan. 25, 2007 0 0 0 0
36 IIS 6.0 6.0 May 28, 2003 0 6 4 1
37 IIS 5.1 5.1 Dec. 31, 2001 0 2 0 0
38 IIS 5.0 5.0 May 17, 2000 June 30, 2005 July 13, 2010 0 4 5 0
39 IIS 4.0 4.0 0 34 51 4
40 IIS 3.0 3.0 0 9 21 1
41 IIS 2.0 2.0 0 3 6 0
42 IIS 1.0 1.0 0 3 6 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
31 -
7.5 		HIGH Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via H… NVD-CWE-Other
CVE-2002-0150 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2020-11-24 04:49
2002-04-22 		Show GitHub Exploit DB Packet Storm
32 -
5.0 		MEDIUM IIS 4.0 with URL redirection enabled allows remote attackers to cause a denial of service (crash) via a malformed request that specifies a length that is different than the actual length. NVD-CWE-Other
CVE-2001-0545 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2018-10-13 06:30
2001-10-30 		Show GitHub Exploit DB Packet Storm
33 -
7.2 		HIGH Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the direc… NVD-CWE-Other
CVE-2001-0506 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2018-10-31 01:25
2001-09-20 		Show GitHub Exploit DB Packet Storm
34 -
5.0 		MEDIUM Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode. NVD-CWE-Other
CVE-2001-0709 cpe:2.3:a:microsoft:internet_information_server:*:* 4.0 2017-12-19 11:29
2001-09-20 		Show GitHub Exploit DB Packet Storm
35 -
10.0 		HIGH Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Int… NVD-CWE-Other
CVE-2001-0500 cpe:2.3:a:microsoft:internet_information_server:*:beta 6.0 2018-10-13 06:30
2001-07-21 		Show GitHub Exploit DB Packet Storm
36 -
5.0 		MEDIUM Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSyste… NVD-CWE-Other
CVE-2001-1243 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2018-10-31 01:25
2001-07-4 		Show GitHub Exploit DB Packet Storm
37 -
7.5 		HIGH Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice. NVD-CWE-Other
CVE-2001-0333 cpe:2.3:a:microsoft:internet_information_server:4.0:*
cpe:2.3:a:microsoft:internet_information_server:*:* 		5.0 2018-10-13 06:30
2001-06-27 		Show GitHub Exploit DB Packet Storm
38 -
5.0 		MEDIUM FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters. NVD-CWE-Other
CVE-2001-0335 cpe:2.3:a:microsoft:internet_information_server:*:* 5.0 2018-10-13 06:30
2001-06-27 		Show GitHub Exploit DB Packet Storm
39 -
5.0 		MEDIUM The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request. NVD-CWE-Other
CVE-2001-0336 cpe:2.3:a:microsoft:internet_information_server:*:* 5.0 2018-10-13 06:30
2001-06-27 		Show GitHub Exploit DB Packet Storm
40 -
5.0 		MEDIUM The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier introduce a memory leak which allows attackers to cause a denial of service via a series of requests. NVD-CWE-Other
CVE-2001-0337 cpe:2.3:a:microsoft:internet_information_server:*:* 5.0 2018-10-13 06:30
2001-06-27 		Show GitHub Exploit DB Packet Storm