Shodan
Vulnerabilities
Vulnerable Software
Microsoft:  >> Internet Information Server  Security Vulnerabilities
CVE-2000-0115
IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page.
CVSS Score
5.0
EPSS Score
0.049
Published
2000-01-21
CVE-2000-0071
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
CVSS Score
5.0
EPSS Score
0.714
Published
2000-01-11
CVE-1999-0154
IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL.
CVSS Score
5.0
EPSS Score
0.548
Published
1999-12-31
CVE-1999-1035
IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability.
CVSS Score
5.0
EPSS Score
0.181
Published
1999-12-31
CVE-1999-1148
FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time.
CVSS Score
5.0
EPSS Score
0.181
Published
1999-12-31
CVE-1999-1223
IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters.
CVSS Score
5.0
EPSS Score
0.155
Published
1999-12-31
CVE-1999-1233
IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability.
CVSS Score
7.5
EPSS Score
0.103
Published
1999-12-31
CVE-1999-1451
The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files.
CVSS Score
5.0
EPSS Score
0.356
Published
1999-12-31
CVE-1999-1591
Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0.
CVSS Score
7.5
EPSS Score
0.159
Published
1999-12-31
CVE-2000-0024
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.
CVSS Score
6.4
EPSS Score
0.12
Published
1999-12-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved