Microsoft: >> Internet Information Server Security Vulnerabilities
IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability.
CVSS Score
5.0
EPSS Score
0.46
Published
1999-12-21
IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions.
CVSS Score
7.5
EPSS Score
0.013
Published
1999-09-23
When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page".
CVSS Score
7.1
EPSS Score
0.385
Published
1999-08-19
Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.
CVSS Score
2.6
EPSS Score
0.055
Published
1999-08-11
Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.
CVSS Score
5.0
EPSS Score
0.17
Published
1999-08-11
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
CVSS Score
10.0
EPSS Score
0.793
Published
1999-07-19
IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL.
CVSS Score
5.0
EPSS Score
0.013
Published
1999-07-07
The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character.
CVSS Score
5.0
EPSS Score
0.205
Published
1999-07-06
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
CVSS Score
10.0
EPSS Score
0.858
Published
1999-06-16
Denial of service in Windows NT IIS server using ..\..
CVSS Score
5.0
EPSS Score
0.049
Published
1999-05-12