Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Microsoft-IIS Number Of NVD 104 CRITICAL 0 HIGH 40 MEDIUM 59 LOW 5
URL https://www.iis.net/
Explanation This is a web application server that comes with Windows.

IIS 7.5: Included with Windows 7 and Windows Server 2008 R2
IIS 8.0: Included with Windows 8 and Windows Server 2012
IIS 8.5: Included with Windows 8.1 and Windows Server 2012 R2
IIS 10.0: Included with Windows 10 and Windows Server 2016 and Windows Server 2019

The support expiration date will be determined according to the OS that is included.
Tag
  • Microsoft
Add Information URL
No Type Name URL
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
41 IIS 10.0 10.0 Oct. 12, 2016 Jan. 11, 2022 Jan. 11, 2027 0 0 0 0
42 IIS 8.5 8.5 Nov. 13, 2013 0 0 0 0
43 IIS 8.0 8.0 Oct. 30, 2012 0 0 0 0
44 IIS 7.5 7.5 Oct. 22, 2009 0 0 0 0
45 IIS 7.0 7.0 Jan. 25, 2007 0 0 0 0
46 IIS 6.0 6.0 May 28, 2003 0 6 4 1
47 IIS 5.1 5.1 Dec. 31, 2001 0 2 0 0
48 IIS 5.0 5.0 May 17, 2000 June 30, 2005 July 13, 2010 0 4 5 0
49 IIS 4.0 4.0 0 34 51 4
50 IIS 3.0 3.0 0 9 21 1
51 IIS 2.0 2.0 0 3 6 0
52 IIS 1.0 1.0 0 3 6 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
41 7.5
5.0 		HIGH
Network 		FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded. CWE-131
Incorrect Calculation of Buffer Size 		CVE-2001-0334 cpe:2.3:a:microsoft:internet_information_server:*:* 5.0 2024-02-2 12:06
2001-06-27 		Show GitHub Exploit DB Packet Storm
42 -
5.0 		MEDIUM Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character. NVD-CWE-Other
CVE-2000-1090 cpe:2.3:a:microsoft:internet_information_server:5.0:*
cpe:2.3:a:microsoft:internet_information_server:4.0:* 		2018-01-12 01:57
2001-02-12 		Show GitHub Exploit DB Packet Storm
43 -
5.0 		MEDIUM IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI … NVD-CWE-Other
CVE-2001-0004 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2018-10-31 01:25
2001-02-12 		Show GitHub Exploit DB Packet Storm
44 -
5.0 		MEDIUM FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability. NVD-CWE-Other
CVE-2001-0096 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2018-10-31 01:25
2001-02-12 		Show GitHub Exploit DB Packet Storm
45 -
7.5 		HIGH Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which… NVD-CWE-Other
CVE-2000-1104 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2018-10-31 01:25
2001-01-9 		Show GitHub Exploit DB Packet Storm
46 -
4.6 		MEDIUM Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers to execute arbitrary commands via a long string to the "LANGUAGE" argument in a script tag. NVD-CWE-Other
CVE-2000-1147 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2017-12-19 11:29
2001-01-9 		Show GitHub Exploit DB Packet Storm
47 -
7.5 		HIGH IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Se… NVD-CWE-Other
CVE-2000-0884 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2018-10-31 01:25
2000-12-19 		Show GitHub Exploit DB Packet Storm
48 -
7.5 		HIGH IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Pa… NVD-CWE-Other
CVE-2000-0886 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2018-10-31 01:25
2000-12-19 		Show GitHub Exploit DB Packet Storm
49 -
7.5 		HIGH IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to … NVD-CWE-Other
CVE-2000-0970 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2018-10-31 01:25
2000-12-19 		Show GitHub Exploit DB Packet Storm
50 -
5.0 		MEDIUM Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid U… NVD-CWE-Other
CVE-2000-0858 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2017-10-10 10:29
2000-11-14 		Show GitHub Exploit DB Packet Storm