Shodan
Vulnerabilities
Vulnerable Software
Microsoft:  >> Internet Information Server  >> 3.0  Security Vulnerabilities
CVE-1999-1223
IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters.
CVSS Score
5.0
EPSS Score
0.159
Published
1999-12-31
CVE-1999-0725
When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page".
CVSS Score
7.1
EPSS Score
0.385
Published
1999-08-19
CVE-1999-1011
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
CVSS Score
10.0
EPSS Score
0.793
Published
1999-07-19
CVE-1999-1537
IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL.
CVSS Score
5.0
EPSS Score
0.013
Published
1999-07-07
CVE-1999-1478
The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character.
CVSS Score
5.0
EPSS Score
0.205
Published
1999-07-06
CVE-1999-0229
Denial of service in Windows NT IIS server using ..\..
CVSS Score
5.0
EPSS Score
0.049
Published
1999-05-12
CVE-1999-0412
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.
CVSS Score
7.5
EPSS Score
0.383
Published
1999-02-19
CVE-1999-1375
FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter.
CVSS Score
5.0
EPSS Score
0.732
Published
1999-02-11
CVE-1999-0349
A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands.
CVSS Score
7.5
EPSS Score
0.112
Published
1999-01-27
CVE-1999-0450
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).
CVSS Score
7.5
EPSS Score
0.324
Published
1999-01-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved