Software Detail
Microsoft-IIS
Number Of NVD: 104 (CRITICAL 0, HIGH 40, MEDIUM 59, LOW 5)
URL https://www.iis.net/
Explanation This is a web application server that comes with Windows.

IIS 7.5: Included with Windows 7 and Windows Server 2008 R2
IIS 8.0: Included with Windows 8 and Windows Server 2012
IIS 8.5: Included with Windows 8.1 and Windows Server 2012 R2
IIS 10.0: Included with Windows 10, Windows Server 2016 and Windows Server 2019

The end-of-support date for each IIS version follows that of the OS it is included with.
Tag
  • Microsoft


List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low
71 IIS 10.0 10.0 Oct. 12, 2016 Jan. 11, 2022 Jan. 11, 2027 0 0 0 0
72 IIS 8.5 8.5 Nov. 13, 2013 0 0 0 0
73 IIS 8.0 8.0 Oct. 30, 2012 0 0 0 0
74 IIS 7.5 7.5 Oct. 22, 2009 0 0 0 0
75 IIS 7.0 7.0 Jan. 25, 2007 0 0 0 0
76 IIS 6.0 6.0 May 28, 2003 0 6 4 1
77 IIS 5.1 5.1 Dec. 31, 2001 0 2 0 0
78 IIS 5.0 5.0 May 17, 2000 June 30, 2005 July 13, 2010 0 4 5 0
79 IIS 4.0 4.0 0 34 51 4
80 IIS 3.0 3.0 0 9 21 1
81 IIS 2.0 2.0 0 3 6 0
82 IIS 1.0 1.0 0 3 6 0
NVD Vulnerability Information
No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | Update date | Published date
No: 71
CVSS3: -
CVSS2: 5.0
Level: MEDIUM
Title: The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files.
CWE: NVD-CWE-Other
CVE: CVE-1999-1451
cpe23Uri: cpe:2.3:a:microsoft:internet_information_server:4.0:*
Update date: 2018-10-13 06:29
Published date: 1999-12-31
No: 72
CVSS3: -
CVSS2: 7.5
Level: HIGH
Title: Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote atta…
CWE: NVD-CWE-Other
CVE: CVE-1999-1591
cpe23Uri: cpe:2.3:a:microsoft:internet_information_server:4.0:sp4
Update date: 2008-09-6 05:19
Published date: 1999-12-31
No: 73
CVSS3: -
CVSS2: 5.0
Level: MEDIUM
Title: IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL.
CWE: NVD-CWE-Other
CVE: CVE-1999-0154
cpe23Uri: cpe:2.3:a:microsoft:internet_information_server:3.0:*
Update date: 2022-08-17 16:15
Published date: 1999-12-31
No: 74
CVSS3: -
CVSS2: 6.4
Level: MEDIUM
Title: IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerab…
CWE: NVD-CWE-Other
CVE: CVE-2000-0024
cpe23Uri: cpe:2.3:a:microsoft:internet_information_server:4.0:*
Update date: 2023-11-7 10:55
Published date: 1999-12-21
No: 75
CVSS3: -
CVSS2: 5.0
Level: MEDIUM
Title: IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka t…
CWE: NVD-CWE-Other
CVE: CVE-2000-0025
cpe23Uri: cpe:2.3:a:microsoft:internet_information_server:4.0:*
Update date: 2023-11-7 10:55
Published date: 1999-12-21
No: 76
CVSS3: -
CVSS2: 7.5
Level: HIGH
Title: IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions.
CWE: CWE-264 (Permissions, Privileges, and Access Controls)
CVE: CVE-1999-0777
cpe23Uri: cpe:2.3:a:microsoft:internet_information_server:4.0:*
Update date: 2023-11-7 10:55
Published date: 1999-09-23
No: 77
CVSS3: -
CVSS2: 7.1
Level: HIGH
Title: When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page".
CWE: CWE-16 (Configuration)
CVE: CVE-1999-0725
cpe23Uri: cpe:2.3:a:microsoft:internet_information_server:4.0:*
cpe:2.3:a:microsoft:internet_information_server:4.0:*
cpe:2…
Update date: 2023-11-7 10:55
Published date: 1999-08-19
No: 78
CVSS3: -
CVSS2: 2.6
Level: LOW
Title: Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.
CWE: CWE-362 (Race Condition)
CVE: CVE-1999-0861
cpe23Uri: cpe:2.3:a:microsoft:internet_information_server:4.0:*
Update date: 2023-11-7 10:55
Published date: 1999-08-11
No: 79
CVSS3: -
CVSS2: 5.0
Level: MEDIUM
Title: Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.
CWE: CWE-20 (Improper Input Validation)
CVE: CVE-1999-0867
cpe23Uri: cpe:2.3:a:microsoft:internet_information_server:4.0:*
Update date: 2023-11-7 10:55
Published date: 1999-08-11
No: 80
CVSS3: -
CVSS2: 10.0
Level: HIGH
Title: The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
CWE: CWE-264 (Permissions, Privileges, and Access Controls)
CVE: CVE-1999-1011
cpe23Uri: cpe:2.3:a:microsoft:internet_information_server:4.0:*
cpe:2.3:a:microsoft:internet_information_server:3.0:*
Update date: 2018-10-16 03:29
Published date: 1999-07-19