Filtered by vendor Microsoft
Subscriptions
Filtered by product Internet Information Services
Subscriptions
Total
92 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2000-0413 | 1 Microsoft | 3 Frontpage, Internet Information Server, Internet Information Services | 2024-11-21 | N/A |
The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path. | ||||
CVE-2000-0408 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-11-21 | N/A |
IIS 4.05 and 5.0 allow remote attackers to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulnerability. | ||||
CVE-2000-0304 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-11-21 | N/A |
Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability. | ||||
CVE-2000-0258 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-11-21 | N/A |
IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability. | ||||
CVE-2000-0246 | 1 Microsoft | 6 Commercial Internet System, Internet Information Server, Internet Information Services and 3 more | 2024-11-21 | N/A |
IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. | ||||
CVE-2000-0071 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-11-21 | N/A |
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions. | ||||
CVE-1999-0450 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-11-21 | N/A |
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe). | ||||
CVE-1999-0412 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-11-21 | N/A |
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. | ||||
CVE-1999-0281 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-11-21 | N/A |
Denial of service in IIS using long URLs. | ||||
CVE-1999-0253 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-11-21 | N/A |
IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL. | ||||
CVE-1999-0233 | 1 Microsoft | 1 Internet Information Services | 2024-11-21 | N/A |
IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files. | ||||
CVE-1999-0154 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-11-21 | N/A |
IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL. |