CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-1999-0407
https://notcve.org/view.php?id=CVE-1999-0407
By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. • http://marc.info/?l=bugtraq&m=91983486431506&w=2 http://marc.info/?l=bugtraq&m=92000623021036&w=2 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-1999-0348
https://notcve.org/view.php?id=CVE-1999-0348
IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory. • http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ197003 http://www.osvdb.org/930 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-1999-0349
https://notcve.org/view.php?id=CVE-1999-0349
A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands. • http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ188348 http://www.eeye.com/html/Research/Advisories/IIS%20Remote%20FTP%20Exploit/DoS%20Attack.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-003 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-1999-0450 – Microsoft IIS 5.0 - IISAPI Extension Enumerate Root Web Server Directory
https://notcve.org/view.php?id=CVE-1999-0450
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe). • https://www.exploit-db.com/exploits/19152 http://www.securityfocus.com/bid/194 •
CVSS: 7.8EPSS: 90%CPEs: 1EXPL: 0CVE-1999-0449
https://notcve.org/view.php?id=CVE-1999-0449
The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts. • http://www.osvdb.org/2 http://www.osvdb.org/3 http://www.osvdb.org/4 http://www.securityfocus.com/bid/193 •