CVSS: 5.0EPSS: 2%CPEs: 9EXPL: 0CVE-2002-0057
https://notcve.org/view.php?id=CVE-2002-0057
XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source. El control XMLHTTP en Microsoft XML Core Services 2.6 y versiones posteriores no manejan adecuadamente el establecimiento de valores de la Zona de Seguridad del IE, lo cual permite a atacantes remotos la lectura arbitraria de ficheros especificando un fichero local como una fuente de datos XML. • http://archives.neohapsis.com/archives/bugtraq/2001-12/0152.html http://marc.info/?l=bugtraq&m=101366383408821&w=2 http://www.osvdb.org/3032 http://www.securityfocus.com/bid/3699 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-008 https://exchange.xforce.ibmcloud.com/vulnerabilities/7712 •
CVSS: 5.0EPSS: 2%CPEs: 3EXPL: 0CVE-2000-0631
https://notcve.org/view.php?id=CVE-2000-0631
An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote attackers to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability. • http://marc.info/?l=bugtraq&m=96390444022878&w=2 http://www.securityfocus.com/bid/1476 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-044 https://exchange.xforce.ibmcloud.com/vulnerabilities/4951 •
CVSS: 2.6EPSS: 0%CPEs: 4EXPL: 5CVE-2000-0649 – Microsoft IIS 2.0/3.0/4.0/5.0/5.1 - Internal IP Address Disclosure
https://notcve.org/view.php?id=CVE-2000-0649
IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined. Collect any leaked internal IPs by requesting commonly redirected locations from IIS. CVE-2000-0649 references IIS 5.1 (win2k, XP) and older. However, in newer servers such as IIS 7+, this occurs when the alternateHostName is not set or misconfigured. Also collects internal IPs leaked from the PROPFIND method in certain IIS versions. • https://www.exploit-db.com/exploits/20096 https://github.com/rafaelh/CVE-2000-0649 https://github.com/Downgraderz/PoC-CVE-2000-0649 http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0025.html http://www.securityfocus.com/bid/1499 https://support.microsoft.com/en-us/help/218180/internet-information-server-returns-ip-address-in-http-header-content https://support.microsoft.com/en-us/topic/fix-the-internal-ip-address-of-an-iis-7-0-server-is-revealed-if-an-http-request-that-does& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 95%CPEs: 7EXPL: 1CVE-2000-0246 – Microsoft IIS 4.0 - UNC Mapped Virtual Host
https://notcve.org/view.php?id=CVE-2000-0246
IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. • https://www.exploit-db.com/exploits/19824 http://www.microsoft.com/technet/support/kb.asp?ID=249599 http://www.securityfocus.com/bid/1081 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-019 •
CVSS: 5.0EPSS: 92%CPEs: 3EXPL: 0CVE-2000-0071
https://notcve.org/view.php?id=CVE-2000-0071
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions. • http://marc.info/?l=bugtraq&m=94770020309953&w=2 http://marc.info/?l=bugtraq&m=94780058006791&w=2 •