Microsoft: >> Internet Information Server >> 6.0 Security Vulnerabilities
Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal
CVSS Score
7.8
EPSS Score
0.367
Published
2007-01-05
Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).
CVSS Score
6.5
EPSS Score
0.878
Published
2006-07-11
Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.
CVSS Score
5.0
EPSS Score
0.382
Published
2005-08-23
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.
CVSS Score
5.0
EPSS Score
0.522
Published
2004-11-03
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.
CVSS Score
10.0
EPSS Score
0.91
Published
2001-07-21
IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page.
CVSS Score
5.0
EPSS Score
0.049
Published
2000-01-21
Denial of service in Windows NT IIS server using ..\..
CVSS Score
5.0
EPSS Score
0.049
Published
1999-05-12
Page 2