CVSS: 7.5EPSS: 22%CPEs: 2EXPL: 1CVE-2000-0457 – Microsoft IIS 4.0/5.0 - Malformed Filename Request
https://notcve.org/view.php?id=CVE-2000-0457
ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability. • https://www.exploit-db.com/exploits/19908 http://marc.info/?l=bugtraq&m=95810120719608&w=2 http://www.securityfocus.com/bid/1193 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-031 https://exchange.xforce.ibmcloud.com/vulnerabilities/4448 •
CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 0CVE-2000-0304
https://notcve.org/view.php?id=CVE-2000-0304
Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability. • http://www.securityfocus.com/bid/1191 http://xforce.iss.net/alerts/advise52.php3 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-031 •
CVSS: 5.0EPSS: 90%CPEs: 3EXPL: 1CVE-2000-0413 – FrontPage 2000 / IIS 4.0/5.0 - Server Extensions Full Path Disclosure
https://notcve.org/view.php?id=CVE-2000-0413
The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path. • https://www.exploit-db.com/exploits/19897 http://archives.neohapsis.com/archives/bugtraq/2000-05/0084.html http://www.securityfocus.com/bid/1174 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2000-0258
https://notcve.org/view.php?id=CVE-2000-0258
IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability. IIS 4.0 y 5.0 permite a atacantes remotos provocar una denegación de servicio enviando muchas URLs con un largo número de caracteres de escape, también conocida como la Vulnerabilidad "Myriad Escaped Characters". • http://www.securityfocus.com/bid/1101 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-023 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 95%CPEs: 7EXPL: 1CVE-2000-0246 – Microsoft IIS 4.0 - UNC Mapped Virtual Host
https://notcve.org/view.php?id=CVE-2000-0246
IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. • https://www.exploit-db.com/exploits/19824 http://www.microsoft.com/technet/support/kb.asp?ID=249599 http://www.securityfocus.com/bid/1081 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-019 •