Search Results (111 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-1999-0861 1 Microsoft 4 Commercial Internet System, Internet Information Server, Site Server and 1 more 2025-04-03 N/A
Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.
CVE-1999-0867 1 Microsoft 3 Commercial Internet System, Internet Information Server, Site Server 2025-04-03 N/A
Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.
CVE-1999-1011 1 Microsoft 4 Data Access Components, Index Server, Internet Information Server and 1 more 2025-04-03 N/A
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
CVE-1999-1035 1 Microsoft 1 Internet Information Server 2025-04-03 N/A
IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability.
CVE-1999-1148 1 Microsoft 1 Internet Information Server 2025-04-03 N/A
FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time.
CVE-1999-0412 1 Microsoft 2 Internet Information Server, Internet Information Services 2025-04-03 N/A
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.
CVE-1999-1233 1 Microsoft 1 Internet Information Server 2025-04-03 N/A
IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability.
CVE-1999-1376 1 Microsoft 1 Internet Information Server 2025-04-03 N/A
Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands.
CVE-2002-0079 1 Microsoft 2 Internet Information Server, Internet Information Services 2025-04-03 N/A
Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.
CVE-1999-1538 1 Microsoft 1 Internet Information Server 2025-04-03 N/A
When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.
CVE-1999-1544 1 Microsoft 1 Internet Information Server 2025-04-03 N/A
Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command.
CVE-1999-1591 1 Microsoft 2 Internet Information Server, Visual Interdev 2025-04-03 N/A
Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0.
CVE-2000-0115 1 Microsoft 1 Internet Information Server 2025-04-03 N/A
IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page.
CVE-2000-0126 1 Microsoft 1 Internet Information Server 2025-04-03 N/A
Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack.
CVE-2000-0413 1 Microsoft 3 Frontpage, Internet Information Server, Internet Information Services 2025-04-03 N/A
The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.
CVE-2000-0457 1 Microsoft 2 Internet Information Server, Internet Information Services 2025-04-03 N/A
ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability.
CVE-2002-0149 1 Microsoft 2 Internet Information Server, Internet Information Services 2025-04-03 N/A
Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.
CVE-2002-0150 1 Microsoft 2 Internet Information Server, Internet Information Services 2025-04-03 N/A
Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.
CVE-2003-0225 1 Microsoft 2 Internet Information Server, Internet Information Services 2025-04-03 N/A
The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page.
CVE-2000-0258 1 Microsoft 2 Internet Information Server, Internet Information Services 2025-04-03 N/A
IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.