Microsoft Internet Information Server vulnerabilities

103 known vulnerabilities affecting microsoft/internet_information_server.

Total CVEs: 103
CISA KEV: 0
Public exploits: 38
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 34, MEDIUM 57, LOW 5

Vulnerabilities

Page 4 of 6
CVE-2000-0246 | MEDIUM | CVSS 5.0 | PoC | v4.0 | 2000-03-30
IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.
nvd
CVE-2000-0226 | MEDIUM | CVSS 5.0 | v4.0 | 2000-03-20
IIS 4.0 allows attackers to cause a denial of service by requesting a large buffer in a POST or PUT command which consumes memory, aka the "Chunked Transfer Encoding Buffer Overflow Vulnerability."
nvd
CVE-2000-0167 | LOW | CVSS 2.1 | PoC | v4.0 | 2000-02-15
IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory.
nvd
CVE-2000-0114 | MEDIUM | CVSS 5.0 | PoC | v3.0, v4.0 | 2000-02-02
Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.
nvd
CVE-2000-0126 | MEDIUM | CVSS 5.0 | PoC | v3.0, v4.0 | 2000-01-26
Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack.
nvd
CVE-2000-0071 | MEDIUM | CVSS 5.0 | v3.0, v4.0 | 2000-01-11
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
nvd
CVE-1999-1591 | HIGH | CVSS 7.5 | v4.0 | 1999-12-31
Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0.
nvd
CVE-1999-1233 | HIGH | CVSS 7.5 | v4.0 | 1999-12-31
IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability.
nvd
CVE-1999-1223 | MEDIUM | CVSS 5.0 | v3.0 | 1999-12-31
IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters.
nvd
CVE-1999-1451 | MEDIUM | CVSS 5.0 | v4.0 | 1999-12-31
The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files.
nvd
CVE-1999-1148 | MEDIUM | CVSS 5.0 | ≤ 4.0 | 1999-12-31
FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time.
nvd
CVE-1999-0154 | MEDIUM | CVSS 5.0 | PoC | v3.0 | 1999-12-31
IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL.
nvd
CVE-1999-1035 | MEDIUM | CVSS 5.0 | v3.0, v4.0 | 1999-12-31
IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability.
nvd
CVE-2000-0024 | MEDIUM | CVSS 6.4 | v4.0 | 1999-12-21
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.
nvd
CVE-2000-0025 | MEDIUM | CVSS 5.0 | v4.0 | 1999-12-21
IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability.
nvd
CVE-1999-0777 | HIGH | CVSS 7.5 | CWE-264 | v4.0 | 1999-09-23
IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions.
nvd
CVE-1999-0725 | HIGH | CVSS 7.1 | CWE-16 | PoC | v3.0, v4.0 | 1999-08-19
When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page".
nvd
CVE-1999-0867 | MEDIUM | CVSS 5.0 | CWE-20 | PoC | v4.0 | 1999-08-11
Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.
nvd
CVE-1999-0861 | LOW | CVSS 2.6 | CWE-362 | v4.0 | 1999-08-11
Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.
nvd
CVE-1999-1011 | CRITICAL | CVSS 10.0 | CWE-264 | PoC | v3.0, v4.0 | 1999-07-19
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
nvd