Microsoft Internet Information Services vulnerabilities

CVE-2005-2678 [MEDIUM] CVE-2005-2678: Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.

CVE-2005-2089 [MEDIUM] CWE-444 CVE-2005-2089: Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application fi Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving ser

CVE-2003-0718 [MEDIUM] CVE-2003-0718: The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote a The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.

CVE-2003-0224 [CRITICAL] CVE-2003-0224: Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local user Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun."

CVE-2003-0225 [MEDIUM] CVE-2003-0225: The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page.

CVE-2003-0223 [MEDIUM] CVE-2003-0223: Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsof Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message.

CVE-2003-0226 [MEDIUM] CVE-2003-0226: Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled.

CVE-2002-1745 [HIGH] CWE-193 CVE-2002-1745: Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to v Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files.

CVE-2002-1908 [MEDIUM] CVE-2002-1908: Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (CPU consumption) via Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with a Host header that contains a large number of "/" (forward slash) characters.

CVE-2002-1744 [MEDIUM] CVE-2002-1744: Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 allows remote attackers to vi Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 allows remote attackers to view source code and determine the existence of arbitrary files via a hex-encoded "%c0%ae%c0%ae" string, which is the Unicode representation for ".." (dot dot).

CVE-2002-1700 [MEDIUM] CWE-79 CVE-2002-1700: Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message.

CVE-2002-1717 [MEDIUM] CWE-200 CVE-2002-1717: Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via a GET request to (1) /_vti_pvt/access.cnf, (2) /_vti_pvt/botinfs.cnf, (3) /_vti_pvt/bots.cnf, or (4) /_vti_pvt/linkinfo.cnf.

CVE-2002-1694 [MEDIUM] CVE-2002-1694: Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_ Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running.

CVE-2002-1695 [MEDIUM] CVE-2002-1695: Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running.

CVE-2002-1790 [MEDIUM] CVE-2002-1790: The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attacker The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682.

CVE-2002-1718 [MEDIUM] CWE-200 CVE-2002-1718: Microsoft Internet Information Server (IIS) 5.1 may allow remote attackers to view the contents of a Microsoft Internet Information Server (IIS) 5.1 may allow remote attackers to view the contents of a Frontpage Server Extension (FPSE) file, as claimed using an HTTP request for colegal.htm that contains .. (dot dot) sequences.

CVE-2002-1180 [HIGH] CVE-2002-1180: A typographical error in the script source access permissions for Internet Information Server (IIS) A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."

CVE-2002-0869 [HIGH] CVE-2002-0869: Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation."

CVE-2002-1182 [MEDIUM] CVE-2002-1182: IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV re IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned.

CVE-2002-1181 [MEDIUM] CVE-2002-1181: Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft In Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors.