- EPSS 29.34%
- Veröffentlicht 10.05.2000 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:51:26
Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability.
- EPSS 43.89%
- Veröffentlicht 06.05.2000 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:51:39
The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that rev...
CVE-2000-0258
- EPSS 19.61%
- Veröffentlicht 12.04.2000 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:51:20
IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.
- EPSS 79.98%
- Veröffentlicht 30.03.2000 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:51:18
IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.
- EPSS 28.06%
- Veröffentlicht 11.01.2000 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:50:56
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
- EPSS 40.02%
- Veröffentlicht 31.12.1999 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:47:42
IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL.
CVE-1999-0412
- EPSS 10.24%
- Veröffentlicht 19.02.1999 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:48:20
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.
CVE-1999-0450
- EPSS 19.03%
- Veröffentlicht 26.01.1999 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:48:25
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).
- EPSS 12.59%
- Veröffentlicht 01.06.1997 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:48:03
Denial of service in IIS using long URLs.
CVE-1999-0253
- EPSS 7.95%
- Veröffentlicht 01.01.1997 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:48:00
IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL.