Total
112 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1451 | 1 Microsoft | 2 Internet Information Server, Site Server | 2024-11-20 | 5.0 MEDIUM | N/A |
| The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files. | |||||
| CVE-1999-1376 | 1 Microsoft | 1 Internet Information Server | 2024-11-20 | 10.0 HIGH | N/A |
| Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands. | |||||
| CVE-1999-1375 | 1 Microsoft | 1 Internet Information Server | 2024-11-20 | 5.0 MEDIUM | N/A |
| FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter. | |||||
| CVE-1999-1233 | 1 Microsoft | 1 Internet Information Server | 2024-11-20 | 7.5 HIGH | N/A |
| IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability. | |||||
| CVE-1999-1223 | 1 Microsoft | 1 Internet Information Server | 2024-11-20 | 5.0 MEDIUM | N/A |
| IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters. | |||||
| CVE-1999-1148 | 1 Microsoft | 1 Internet Information Server | 2024-11-20 | 5.0 MEDIUM | N/A |
| FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time. | |||||
| CVE-1999-1035 | 1 Microsoft | 1 Internet Information Server | 2024-11-20 | 5.0 MEDIUM | N/A |
| IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability. | |||||
| CVE-1999-1011 | 1 Microsoft | 4 Data Access Components, Index Server, Internet Information Server and 1 more | 2024-11-20 | 10.0 HIGH | N/A |
| The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. | |||||
| CVE-1999-0874 | 1 Microsoft | 3 Internet Information Server, Windows 2000, Windows Nt | 2024-11-20 | 10.0 HIGH | N/A |
| Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions. | |||||
| CVE-1999-0867 | 1 Microsoft | 3 Commercial Internet System, Internet Information Server, Site Server | 2024-11-20 | 5.0 MEDIUM | N/A |
| Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers. | |||||
| CVE-1999-0861 | 1 Microsoft | 4 Commercial Internet System, Internet Information Server, Site Server and 1 more | 2024-11-20 | 2.6 LOW | N/A |
| Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext. | |||||
| CVE-1999-0777 | 1 Microsoft | 2 Commercial Internet System, Internet Information Server | 2024-11-20 | 7.5 HIGH | N/A |
| IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions. | |||||
| CVE-1999-0739 | 1 Microsoft | 1 Internet Information Server | 2024-11-20 | 5.0 MEDIUM | N/A |
| The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. | |||||
| CVE-1999-0738 | 1 Microsoft | 1 Internet Information Server | 2024-11-20 | 5.0 MEDIUM | N/A |
| The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. | |||||
| CVE-1999-0737 | 1 Microsoft | 1 Internet Information Server | 2024-11-20 | 5.0 MEDIUM | N/A |
| The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. | |||||
| CVE-1999-0736 | 1 Microsoft | 1 Internet Information Server | 2024-11-20 | 5.0 MEDIUM | N/A |
| The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. | |||||
| CVE-1999-0725 | 1 Microsoft | 1 Internet Information Server | 2024-11-20 | 7.1 HIGH | N/A |
| When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page". | |||||
| CVE-1999-0450 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-11-20 | 7.5 HIGH | N/A |
| In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe). | |||||
| CVE-1999-0449 | 1 Microsoft | 1 Internet Information Server | 2024-11-20 | 7.8 HIGH | N/A |
| The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts. | |||||
| CVE-1999-0448 | 1 Microsoft | 1 Internet Information Server | 2024-11-20 | 5.0 MEDIUM | N/A |
| IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request. | |||||