Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Microsoft-IIS Number Of NVD 104 CRITICAL 0 HIGH 40 MEDIUM 59 LOW 5
URL https://www.iis.net/
Explanation This is a web application server that comes with Windows.

IIS 7.5: Included with Windows 7 and Windows Server 2008 R2
IIS 8.0: Included with Windows 8 and Windows Server 2012
IIS 8.5: Included with Windows 8.1 and Windows Server 2012 R2
IIS 10.0: Included with Windows 10 and Windows Server 2016 and Windows Server 2019

The support expiration date will be determined according to the OS that is included.
Tag
  • Microsoft
Add Information URL
No Type Name URL
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
61 IIS 10.0 10.0 Oct. 12, 2016 Jan. 11, 2022 Jan. 11, 2027 0 0 0 0
62 IIS 8.5 8.5 Nov. 13, 2013 0 0 0 0
63 IIS 8.0 8.0 Oct. 30, 2012 0 0 0 0
64 IIS 7.5 7.5 Oct. 22, 2009 0 0 0 0
65 IIS 7.0 7.0 Jan. 25, 2007 0 0 0 0
66 IIS 6.0 6.0 May 28, 2003 0 6 4 1
67 IIS 5.1 5.1 Dec. 31, 2001 0 2 0 0
68 IIS 5.0 5.0 May 17, 2000 June 30, 2005 July 13, 2010 0 4 5 0
69 IIS 4.0 4.0 0 34 51 4
70 IIS 3.0 3.0 0 9 21 1
71 IIS 2.0 2.0 0 3 6 0
72 IIS 1.0 1.0 0 3 6 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
61 -
5.0 		MEDIUM IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka… NVD-CWE-Other
CVE-2000-0246 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2018-10-31 01:25
2000-03-30 		Show GitHub Exploit DB Packet Storm
62 -
5.0 		MEDIUM IIS 4.0 allows attackers to cause a denial of service by requesting a large buffer in a POST or PUT command which consumes memory, aka the "Chunked Transfer Encoding Buffer Overflow Vulnerability." NVD-CWE-Other
CVE-2000-0226 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2018-10-13 06:29
2000-03-20 		Show GitHub Exploit DB Packet Storm
63 -
2.1 		LOW IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory. NVD-CWE-Other
CVE-2000-0167 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2008-09-11 04:03
2000-02-15 		Show GitHub Exploit DB Packet Storm
64 -
5.0 		MEDIUM Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory. NVD-CWE-Other
CVE-2000-0114 cpe:2.3:a:microsoft:internet_information_server:4.0:*
cpe:2.3:a:microsoft:internet_information_server:3.0:* 		2022-08-17 19:15
2000-02-2 		Show GitHub Exploit DB Packet Storm
65 -
5.0 		MEDIUM Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack. NVD-CWE-Other
CVE-2000-0126 cpe:2.3:a:microsoft:internet_information_server:4.0:*
cpe:2.3:a:microsoft:internet_information_server:3.0:* 		2022-08-17 19:15
2000-01-26 		Show GitHub Exploit DB Packet Storm
66 -
5.0 		MEDIUM IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions. NVD-CWE-Other
CVE-2000-0071 cpe:2.3:a:microsoft:internet_information_server:4.0:*
cpe:2.3:a:microsoft:internet_information_server:3.0:* 		2018-10-31 01:25
2000-01-11 		Show GitHub Exploit DB Packet Storm
67 -
5.0 		MEDIUM IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability. NVD-CWE-Other
CVE-1999-1035 cpe:2.3:a:microsoft:internet_information_server:4.0:*
cpe:2.3:a:microsoft:internet_information_server:3.0:* 		2018-10-13 06:29
1999-12-31 		Show GitHub Exploit DB Packet Storm
68 -
5.0 		MEDIUM FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time. NVD-CWE-Other
CVE-1999-1148 cpe:2.3:a:microsoft:internet_information_server:*:* 4.0 2018-10-13 06:29
1999-12-31 		Show GitHub Exploit DB Packet Storm
69 -
5.0 		MEDIUM IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters. NVD-CWE-Other
CVE-1999-1223 cpe:2.3:a:microsoft:internet_information_server:3.0:* 2017-10-10 10:29
1999-12-31 		Show GitHub Exploit DB Packet Storm
70 -
7.5 		HIGH IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability. NVD-CWE-Other
CVE-1999-1233 cpe:2.3:a:microsoft:internet_information_server:4.0:* 2018-10-13 06:29
1999-12-31 		Show GitHub Exploit DB Packet Storm