National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:microsoft:internet_information_server:4.0:alpha
There are 97 matching records.
Displaying matches 81 through 97.
Vuln ID Summary CVSS Severity
CVE-1999-0737

The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.

Published: May 07, 1999; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-1999-0738

The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.

Published: May 07, 1999; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-1999-0739

The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.

Published: May 07, 1999; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-1999-0412

In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.

Published: February 19, 1999; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-1999-1375

FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter.

Published: February 11, 1999; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-1999-0407

By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.

Published: February 09, 1999; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-1999-0348

IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory.

Published: January 27, 1999; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-1999-0349

A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands.

Published: January 27, 1999; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-1999-0449

The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts.

Published: January 26, 1999; 12:00:00 AM -05:00
    V2: 7.8 HIGH
CVE-1999-0450

In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).

Published: January 26, 1999; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-1999-1544

Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command.

Published: January 24, 1999; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-1999-1376

Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands.

Published: January 14, 1999; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-1999-1538

When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.

Published: January 14, 1999; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-1999-0448

IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.

Published: January 01, 1999; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-1999-0007

Information from SSL-encrypted sessions via PKCS #1.

Published: June 26, 1998; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-1999-0278

In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.

Published: June 01, 1998; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-1999-0012

Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.

Published: February 06, 1998; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM