Microsoft: >> Internet Information Services >> 5.0 Security Vulnerabilities
IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.
CVSS Score
5.0
EPSS Score
0.763
Published
2000-03-30
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
CVSS Score
5.0
EPSS Score
0.407
Published
2000-01-11
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).
CVSS Score
7.5
EPSS Score
0.079
Published
1999-01-26
Page 8