National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:microsoft:internet_information_server:4.0:alpha
There are 97 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2000-0114

Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.

Published: February 02, 2000; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2000-0126

Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack.

Published: January 26, 2000; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2000-0115

IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page.

Published: January 21, 2000; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2000-0071

IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.

Published: January 11, 2000; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-1999-1035

IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability.

Published: December 31, 1999; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-1999-1148

FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time.

Published: December 31, 1999; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-1999-1233

IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability.

Published: December 31, 1999; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-1999-1451

The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files.

Published: December 31, 1999; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2000-0024

IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.

Published: December 21, 1999; 12:00:00 AM -05:00
    V2: 6.4 MEDIUM
CVE-2000-0025

IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability.

Published: December 21, 1999; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-1999-0777

IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions.

Published: September 23, 1999; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-1999-0725

When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page".

Published: August 19, 1999; 12:00:00 AM -04:00
    V2: 7.1 HIGH
CVE-1999-0861

Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.

Published: August 11, 1999; 12:00:00 AM -04:00
    V2: 2.6 LOW
CVE-1999-0867

Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.

Published: August 11, 1999; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-1999-1011

The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.

Published: July 19, 1999; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-1999-1537

IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL.

Published: July 07, 1999; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-1999-1478

The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character.

Published: July 06, 1999; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-1999-0874

Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.

Published: June 16, 1999; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-1999-0229

Denial of service in Windows NT IIS server using ..\..

Published: May 12, 1999; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-1999-0736

The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.

Published: May 07, 1999; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM