CVSS: 5.0EPSS: 94%CPEs: 1EXPL: 0CVE-1999-0737
https://notcve.org/view.php?id=CVE-1999-0737
The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-013 •
CVSS: 5.0EPSS: 94%CPEs: 1EXPL: 0CVE-1999-0739
https://notcve.org/view.php?id=CVE-1999-0739
The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-013 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-1999-0412 – Microsoft IIS 2.0/3.0/4.0 - ISAPI GetExtensionVersion()
https://notcve.org/view.php?id=CVE-1999-0412
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. • https://www.exploit-db.com/exploits/19376 http://www.securityfocus.com/bid/501 •
CVSS: 5.0EPSS: 16%CPEs: 2EXPL: 2CVE-1999-1375 – Microsoft IIS 3.0/4.0 - Using ASP and FSO To Read Server Files
https://notcve.org/view.php?id=CVE-1999-1375
FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter. • https://www.exploit-db.com/exploits/19194 http://marc.info/?l=ntbugtraq&m=91877455626320&w=2 http://www.securityfocus.com/bid/230 •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-1999-0407
https://notcve.org/view.php?id=CVE-1999-0407
By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. • http://marc.info/?l=bugtraq&m=91983486431506&w=2 http://marc.info/?l=bugtraq&m=92000623021036&w=2 •