CVSS: 7.5EPSS: 73%CPEs: 2EXPL: 2CVE-1999-1375 – Microsoft IIS 3.0/4.0 - Using ASP and FSO To Read Server Files
https://notcve.org/view.php?id=CVE-1999-1375
11 Feb 1999 — FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter. • https://www.exploit-db.com/exploits/19194 •
CVSS: 10.0EPSS: 29%CPEs: 1EXPL: 0CVE-1999-0407
https://notcve.org/view.php?id=CVE-1999-0407
09 Feb 1999 — By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. • http://marc.info/?l=bugtraq&m=91983486431506&w=2 •
CVSS: 7.5EPSS: 13%CPEs: 1EXPL: 0CVE-1999-0348
https://notcve.org/view.php?id=CVE-1999-0348
27 Jan 1999 — IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory. • http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ197003 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 11%CPEs: 2EXPL: 0CVE-1999-0349
https://notcve.org/view.php?id=CVE-1999-0349
27 Jan 1999 — A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands. • http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ188348 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 42%CPEs: 1EXPL: 0CVE-1999-0449
https://notcve.org/view.php?id=CVE-1999-0449
26 Jan 1999 — The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts. • http://www.osvdb.org/2 •
CVSS: 9.1EPSS: 32%CPEs: 4EXPL: 1CVE-1999-0450 – Microsoft IIS 5.0 - IISAPI Extension Enumerate Root Web Server Directory
https://notcve.org/view.php?id=CVE-1999-0450
26 Jan 1999 — In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe). • https://www.exploit-db.com/exploits/19152 •
CVSS: 6.2EPSS: 6%CPEs: 2EXPL: 0CVE-1999-1544
https://notcve.org/view.php?id=CVE-1999-1544
24 Jan 1999 — Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command. • http://marc.info/?l=bugtraq&m=91722115016183&w=2 •
CVSS: 10.0EPSS: 54%CPEs: 1EXPL: 0CVE-1999-1376
https://notcve.org/view.php?id=CVE-1999-1376
14 Jan 1999 — Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands. • http://marc.info/?l=bugtraq&m=91638375309890&w=2 •
CVSS: 7.1EPSS: 56%CPEs: 1EXPL: 2CVE-1999-1538 – Microsoft IIS 4 (Windows NT) - Remote Web-Based Administration
https://notcve.org/view.php?id=CVE-1999-1538
14 Jan 1999 — When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password. • https://www.exploit-db.com/exploits/19147 •
CVSS: 5.0EPSS: 56%CPEs: 1EXPL: 1CVE-1999-0448 – Microsoft IIS 4 (Windows NT) - Log Avoidance
https://notcve.org/view.php?id=CVE-1999-0448
01 Jan 1999 — IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request. • https://www.exploit-db.com/exploits/19149 •