Microsoft: >> Internet Information Server Security Vulnerabilities
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).
CVSS Score
7.5
EPSS Score
0.324
Published
1999-01-26
Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command.
CVSS Score
5.0
EPSS Score
0.068
Published
1999-01-24
Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands.
CVSS Score
10.0
EPSS Score
0.549
Published
1999-01-14
When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.
CVSS Score
2.1
EPSS Score
0.566
Published
1999-01-14
IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
CVSS Score
5.0
EPSS Score
0.533
Published
1999-01-01
Information from SSL-encrypted sessions via PKCS #1.
CVSS Score
5.0
EPSS Score
0.051
Published
1998-06-26
In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.
CVSS Score
5.0
EPSS Score
0.761
Published
1998-06-01
Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.
CVSS Score
7.0
EPSS Score
0.005
Published
1998-02-06
IIS newdsn.exe CGI script allows remote users to overwrite files.
CVSS Score
6.4
EPSS Score
0.62
Published
1997-09-01
Denial of service in IIS using long URLs.
CVSS Score
5.0
EPSS Score
0.093
Published
1997-06-01