Computer Security
[EN] securityvulns.ru no-pyccku


See also
  MICROSOFT : Internet Information Server 6.0
  MICROSOFT : Internet Information Server 5.1
  MICROSOFT : Internet Information Server 4.0
Name:MICROSOFT : Internet Information Server 5.0

7!Microsoft Internet Information Server DoS
updated since 18.12.2005
document Request like http://www.example.com/_vti_bin/.dll/*\~0 for virtual folders with CGI execution enabled causes server to crash and potentially leads to code execution.
6!Microsoft IS error pages information leak
document Request variable SERVER_NAME controllable by client is used to validate server access.
6!Multiple FTP servers path globbing DoS
updated since 16.03.2001
document Command like ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../* causes server to hang.
6!Microsoft WebDAV XML DoS
document Large number of attributes in requests causes resource exhaustion.
 Internet explorer (and others) CA certificate attack
updated since 15.08.2002
document For intermediate CA only signature is checked, missed check for basic constaint allows to use any valid certificate as CA certificate.
7!Microsoft Internet Information Services multiple bugs
updated since 29.05.2003
document Windows Media Services DoS, Crossite scripting, local buffer overflows, DoS through WebDAV.
8!Microsoft IIS WebDav buffer overflow
updated since 18.03.2003
document Buffer overflow in path conversion routine.
 Microsoft IIS local ASP DoS
document Insertion of oversized header line via Response.AddHeader causes server to crash.
 Microsoft IIS .idc crossite scripting
document On oversized URL error message contains URL without modification.
6!Buffer overflow in Microsoft FrontPage SmartHTML
document Buffer overflow in shtml.dll
 Mail relaying via IIS SMTP service
document Unauthorized mail relayin then using speciall address format.
7!Buffer overflow in Microsoft IIS HTR
document Buffer overflow on chunk-encoded POST request.
8!Multiple bugs in Microsoft Internet Information Server
updated since 10.04.2002
document Multiple buffer overflows, crossite scripting, DoS.
 DoS через Content-Length в Microsoft IIS
   
6!Повышение привилегий в IIS (privelege escalation)
updated since 16.08.2001
   
 DoS против обработчика ASP в IIS (ASP special device name DoS)
   
 Переполнение буфера в FrontPage Server Extensions (RAD buffer overflow)
updated since 23.06.2001
   
 DoS против IIS (malformed WebDav request)
updated since 11.03.2001
   
8!Дырка в IIS (double decoding directory traversal)
updated since 15.05.2001
   
9!Дырка в IIS 5 (Internet Printing Protocol buffer overflow)
updated since 03.05.2001
   
 DoS против IIS 5.0 (Malformed URL)
   
 Дырка в HTR-файлах IIS
updated since 11.05.2000
   
6!DoS против IIS (format string)
   
 DoS против IIS через FrontPage Server Extensions (Web Form Submission)
updated since 22.12.2000
   
6!Дырка в IIS (File Request Parsing)
updated since 08.11.2000
   
 Компрометация сервера через URL (URL javascript)
updated since 22.08.2000
   
 Уявзвимость в IIS при обработке HTW (.htw URL script)
   
 Проблемы с Secure Session Id в IIS
   
7!Заткнута дырка в IIS (File Permission Canonicalization, Web Server Folder Traversal)
updated since 12.08.2000
   
6!Заткнута дырка в IIS (Specialized Header)
updated since 15.08.2000
   
 Заткнута дырка в IIS
updated since 15.07.2000
   
6!DoS через расширения URL в IIS
   
6!Заткнута очередная дырка в IIS
   
6!Microsoft заткнул дырку в IIS
   
                    

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod