| Microsoft-IIS | Number Of NVD | 104 | CRITICAL | 0 | HIGH | 40 | MEDIUM | 59 | LOW | 5 |
| URL | https://www.iis.net/ | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Explanation | This is a web application server that comes with Windows. IIS 7.5: Included with Windows 7 and Windows Server 2008 R2 IIS 8.0: Included with Windows 8 and Windows Server 2012 IIS 8.5: Included with Windows 8.1 and Windows Server 2012 R2 IIS 10.0: Included with Windows 10 and Windows Server 2016 and Windows Server 2019 The support expiration date will be determined according to the OS that is included. |
||||||||
| Tag | |||||||||
| No | Type | Name | URL |
|---|
| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support Service Pack Support |
Extended for a fee |
Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 81 | IIS 10.0 | 10.0 | Oct. 12, 2016 | Jan. 11, 2022 | Jan. 11, 2027 | 0 | 0 | 0 | 0 | ||
| 82 | IIS 8.5 | 8.5 | Nov. 13, 2013 | 0 | 0 | 0 | 0 | ||||
| 83 | IIS 8.0 | 8.0 | Oct. 30, 2012 | 0 | 0 | 0 | 0 | ||||
| 84 | IIS 7.5 | 7.5 | Oct. 22, 2009 | 0 | 0 | 0 | 0 | ||||
| 85 | IIS 7.0 | 7.0 | Jan. 25, 2007 | 0 | 0 | 0 | 0 | ||||
| 86 | IIS 6.0 | 6.0 | May 28, 2003 | 0 | 6 | 4 | 1 | ||||
| 87 | IIS 5.1 | 5.1 | Dec. 31, 2001 | 0 | 2 | 0 | 0 | ||||
| 88 | IIS 5.0 | 5.0 | May 17, 2000 | June 30, 2005 | July 13, 2010 | 0 | 4 | 5 | 0 | ||
| 89 | IIS 4.0 | 4.0 | 0 | 34 | 51 | 4 | |||||
| 90 | IIS 3.0 | 3.0 | 0 | 9 | 21 | 1 | |||||
| 91 | IIS 2.0 | 2.0 | 0 | 3 | 6 | 0 | |||||
| 92 | IIS 1.0 | 1.0 | 0 | 3 | 6 | 0 |
| No | CVSS3 CVSS2 |
Level Attach Vector |
Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date Published date |
Show Affected | Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 81 |
- 5.0 |
MEDIUM | IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the… |
NVD-CWE-Other
|
CVE-1999-1537 |
cpe:2.3:a:microsoft:internet_information_server:4.0:* cpe:2.3:a:microsoft:internet_information_server:3.0:* |
2017-10-10 10:29 1999-07-7 |
Show | GitHub Exploit DB Packet Storm | ||||
| 82 |
- 5.0 |
MEDIUM | The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character. |
NVD-CWE-Other
|
CVE-1999-1478 |
cpe:2.3:a:microsoft:internet_information_server:4.0:* cpe:2.3:a:microsoft:internet_information_server:3.0:* |
2017-10-10 10:29 1999-07-6 |
Show | GitHub Exploit DB Packet Storm | ||||
| 83 |
- 10.0 |
HIGH | Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions. |
CWE-119
Incorrect Access of Indexable Resource ('Range Error') |
CVE-1999-0874 | cpe:2.3:a:microsoft:internet_information_server:4.0:* |
2023-11-7 10:55 1999-06-16 |
Show | GitHub Exploit DB Packet Storm | ||||
| 84 |
- 5.0 |
MEDIUM | The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. |
NVD-CWE-Other
|
CVE-1999-0736 | cpe:2.3:a:microsoft:internet_information_server:4.0:* |
2018-10-13 06:29 1999-05-7 |
Show | GitHub Exploit DB Packet Storm | ||||
| 85 |
- 5.0 |
MEDIUM | The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. |
NVD-CWE-Other
|
CVE-1999-0737 | cpe:2.3:a:microsoft:internet_information_server:4.0:* |
2018-10-13 06:29 1999-05-7 |
Show | GitHub Exploit DB Packet Storm | ||||
| 86 |
- 5.0 |
MEDIUM | The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. |
NVD-CWE-Other
|
CVE-1999-0738 | cpe:2.3:a:microsoft:internet_information_server:4.0:* |
2018-10-13 06:29 1999-05-7 |
Show | GitHub Exploit DB Packet Storm | ||||
| 87 |
- 5.0 |
MEDIUM | The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. |
NVD-CWE-Other
|
CVE-1999-0739 | cpe:2.3:a:microsoft:internet_information_server:4.0:* |
2018-10-13 06:29 1999-05-7 |
Show | GitHub Exploit DB Packet Storm | ||||
| 88 |
- 7.5 |
HIGH | In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. |
NVD-CWE-Other
|
CVE-1999-0412 |
cpe:2.3:a:microsoft:internet_information_server:4.0:* cpe:2.3:a:microsoft:internet_information_server:3.0:* |
2020-11-24 04:49 1999-02-19 |
Show | GitHub Exploit DB Packet Storm | ||||
| 89 |
- 5.0 |
MEDIUM | FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter. |
NVD-CWE-Other
|
CVE-1999-1375 |
cpe:2.3:a:microsoft:internet_information_server:4.0:* cpe:2.3:a:microsoft:internet_information_server:3.0:* |
2016-10-18 11:03 1999-02-11 |
Show | GitHub Exploit DB Packet Storm | ||||
| 90 |
- 10.0 |
HIGH | By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. |
NVD-CWE-Other
|
CVE-1999-0407 | cpe:2.3:a:microsoft:internet_information_server:4.0:* |
2016-10-18 10:59 1999-02-9 |
Show | GitHub Exploit DB Packet Storm |