Shodan
Vulnerabilities
Vulnerable Software
Microsoft:  >> Internet Information Server  >> 4.0  Security Vulnerabilities
CVE-1999-0412
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.
CVSS Score
7.5
EPSS Score
0.383
Published
1999-02-19
CVE-1999-1375
FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter.
CVSS Score
5.0
EPSS Score
0.732
Published
1999-02-11
CVE-1999-0407
By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.
CVSS Score
10.0
EPSS Score
0.296
Published
1999-02-09
CVE-1999-0348
IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory.
CVSS Score
5.0
EPSS Score
0.132
Published
1999-01-27
CVE-1999-0349
A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands.
CVSS Score
7.5
EPSS Score
0.112
Published
1999-01-27
CVE-1999-0449
The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts.
CVSS Score
7.8
EPSS Score
0.362
Published
1999-01-26
CVE-1999-0450
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).
CVSS Score
7.5
EPSS Score
0.324
Published
1999-01-26
CVE-1999-1544
Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command.
CVSS Score
5.0
EPSS Score
0.068
Published
1999-01-24
CVE-1999-1376
Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands.
CVSS Score
10.0
EPSS Score
0.549
Published
1999-01-14
CVE-1999-1538
When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.
CVSS Score
2.1
EPSS Score
0.566
Published
1999-01-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved