U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:microsoft:internet_information_server:4.0
There are 90 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-1999-1451

The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files.

Published: December 31, 1999; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-1999-1591

Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0.

Published: December 31, 1999; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2000-0024

IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.

Published: December 21, 1999; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2000-0025

IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability.

Published: December 21, 1999; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-1999-0777

IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions.

Published: September 23, 1999; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-1999-0725

When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page".

Published: August 19, 1999; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-1999-0861

Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.

Published: August 11, 1999; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-1999-0867

Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.

Published: August 11, 1999; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-1999-1011

The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.

Published: July 19, 1999; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-1999-1537

IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL.

Published: July 07, 1999; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-1999-1478

The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character.

Published: July 06, 1999; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-1999-0874

Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.

Published: June 16, 1999; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-1999-0736

The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.

Published: May 07, 1999; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-1999-0737

The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.

Published: May 07, 1999; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-1999-0738

The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.

Published: May 07, 1999; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-1999-0739

The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.

Published: May 07, 1999; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-1999-0412

In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.

Published: February 19, 1999; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-1999-1375

FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter.

Published: February 11, 1999; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-1999-0407

By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.

Published: February 09, 1999; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-1999-0348

IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory.

Published: January 27, 1999; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM