Microsoft: >> Commercial Internet System Security Vulnerabilities
IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.
CVSS Score
5.0
EPSS Score
0.836
Published
2000-03-30
Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of service via a malformed IMAP request.
CVSS Score
7.5
EPSS Score
0.142
Published
2000-01-04
IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions.
CVSS Score
7.5
EPSS Score
0.013
Published
1999-09-23
Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user.
CVSS Score
5.0
EPSS Score
0.196
Published
1999-09-10
Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.
CVSS Score
2.6
EPSS Score
0.055
Published
1999-08-11
Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.
CVSS Score
5.0
EPSS Score
0.215
Published
1999-08-11