Shodan
Vulnerabilities
Vulnerable Software
Microsoft:  >> Internet Information Server  >> 3.0  Security Vulnerabilities
CVE-2001-0337
The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier introduce a memory leak which allows attackers to cause a denial of service via a series of requests.
CVSS Score
5.0
EPSS Score
0.046
Published
2001-06-27
CVE-2000-0631
An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote attackers to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability.
CVSS Score
5.0
EPSS Score
0.484
Published
2000-07-14
CVE-2000-0649
IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
CVSS Score
2.6
EPSS Score
0.587
Published
2000-07-13
CVE-2000-0114
Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.
CVSS Score
5.0
EPSS Score
0.031
Published
2000-02-02
CVE-2000-0126
Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack.
CVSS Score
5.0
EPSS Score
0.701
Published
2000-01-26
CVE-2000-0115
IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page.
CVSS Score
5.0
EPSS Score
0.049
Published
2000-01-21
CVE-2000-0071
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
CVSS Score
5.0
EPSS Score
0.714
Published
2000-01-11
CVE-1999-0154
IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL.
CVSS Score
5.0
EPSS Score
0.484
Published
1999-12-31
CVE-1999-1035
IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability.
CVSS Score
5.0
EPSS Score
0.181
Published
1999-12-31
CVE-1999-1148
FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time.
CVSS Score
5.0
EPSS Score
0.181
Published
1999-12-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved