Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Microsoft-IIS Number Of NVD 104 CRITICAL 0 HIGH 40 MEDIUM 59 LOW 5
URL https://www.iis.net/
Explanation This is a web application server that comes with Windows.

IIS 7.5: Included with Windows 7 and Windows Server 2008 R2
IIS 8.0: Included with Windows 8 and Windows Server 2012
IIS 8.5: Included with Windows 8.1 and Windows Server 2012 R2
IIS 10.0: Included with Windows 10 and Windows Server 2016 and Windows Server 2019

The support expiration date will be determined according to the OS that is included.
Tag
  • Microsoft
Add Information URL
No Type Name URL
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
51 IIS 10.0 10.0 Oct. 12, 2016 Jan. 11, 2022 Jan. 11, 2027 0 0 0 0
52 IIS 8.5 8.5 Nov. 13, 2013 0 0 0 0
53 IIS 8.0 8.0 Oct. 30, 2012 0 0 0 0
54 IIS 7.5 7.5 Oct. 22, 2009 0 0 0 0
55 IIS 7.0 7.0 Jan. 25, 2007 0 0 0 0
56 IIS 6.0 6.0 May 28, 2003 0 6 4 1
57 IIS 5.1 5.1 Dec. 31, 2001 0 2 0 0
58 IIS 5.0 5.0 May 17, 2000 June 30, 2005 July 13, 2010 0 4 5 0
59 IIS 4.0 4.0 0 34 51 4
60 IIS 3.0 3.0 0 9 21 1
61 IIS 2.0 2.0 0 3 6 0
62 IIS 1.0 1.0 0 3 6 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
51 -
6.4 		MEDIUM IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictio… NVD-CWE-Other
CVE-2000-0770 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2018-10-31 01:25
2000-10-20 		Show GitHub Exploit DB Packet Storm
52 -
7.5 		HIGH Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which ar… NVD-CWE-Other
CVE-2000-0746 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2023-11-7 10:55
2000-10-20 		Show GitHub Exploit DB Packet Storm
53 -
5.0 		MEDIUM IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability. NVD-CWE-Other
CVE-2000-0630 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2018-10-31 01:25
2000-07-17 		Show GitHub Exploit DB Packet Storm
54 -
5.0 		MEDIUM An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote attackers to cause a denial of service by accessing the script without a particular argument, aka the "Absent D… NVD-CWE-Other
CVE-2000-0631 cpe:2.3:a:microsoft:internet_information_server:4.0:*
cpe:2.3:a:microsoft:internet_information_server:3.0:* 		2018-10-31 01:25
2000-07-14 		Show GitHub Exploit DB Packet Storm
55 -
2.6 		LOW IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined. CWE-200
Information Exposure 		CVE-2000-0649 cpe:2.3:a:microsoft:internet_information_server:4.0:*
cpe:2.3:a:microsoft:internet_information_server:3.0:* 		2020-11-24 04:49
2000-07-13 		Show GitHub Exploit DB Packet Storm
56 -
5.0 		MEDIUM IIS 4.05 and 5.0 allow remote attackers to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulne… NVD-CWE-Other
CVE-2000-0408 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2018-10-31 01:25
2000-05-11 		Show GitHub Exploit DB Packet Storm
57 -
7.5 		HIGH ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HT… NVD-CWE-Other
CVE-2000-0457 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2018-10-31 01:25
2000-05-11 		Show GitHub Exploit DB Packet Storm
58 -
5.0 		MEDIUM Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimite… NVD-CWE-Other
CVE-2000-0304 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2018-10-31 01:25
2000-05-10 		Show GitHub Exploit DB Packet Storm
59 -
5.0 		MEDIUM The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does n… NVD-CWE-Other
CVE-2000-0413 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2018-10-31 01:25
2000-05-6 		Show GitHub Exploit DB Packet Storm
60 7.5
5.0 		HIGH
Network 		IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability. CWE-20
 Improper Input Validation  		CVE-2000-0258 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2018-10-31 01:25
2000-04-12 		Show GitHub Exploit DB Packet Storm