CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-1999-1591
https://notcve.org/view.php?id=CVE-1999-1591
Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0. • http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00276.html http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00277.html http://www.securityfocus.com/bid/190 •
CVSS: 5.0EPSS: 90%CPEs: 2EXPL: 1CVE-1999-0154 – Microsoft IIS 2.0/3.0 - Appended Dot Script Source Disclosure
https://notcve.org/view.php?id=CVE-1999-0154
IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL. • https://www.exploit-db.com/exploits/20481 https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0154 •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0CVE-1999-1035
https://notcve.org/view.php?id=CVE-1999-1035
IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability. • http://support.microsoft.com/support/kb/articles/q192/2/96.asp https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-019 https://exchange.xforce.ibmcloud.com/vulnerabilities/1823 •
CVSS: 5.0EPSS: 2%CPEs: 2EXPL: 0CVE-1999-1451
https://notcve.org/view.php?id=CVE-1999-1451
The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files. • http://support.microsoft.com/support/kb/articles/q231/3/68.asp https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-013 https://exchange.xforce.ibmcloud.com/vulnerabilities/3271 •
CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 0CVE-2000-0025
https://notcve.org/view.php?id=CVE-2000-0025
IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability. • http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ238606 http://www.osvdb.org/8098 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-058 •