CVE-1999-1376
https://notcve.org/view.php?id=CVE-1999-1376
Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands. • http://marc.info/?l=bugtraq&m=91638375309890&w=2 http://marc.info/?l=ntbugtraq&m=91632724913080&w=2 •
CVE-1999-1538 – Microsoft IIS 4 (Windows NT) - Remote Web-Based Administration
https://notcve.org/view.php?id=CVE-1999-1538
When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password. • https://www.exploit-db.com/exploits/19147 http://marc.info/?l=bugtraq&m=91638375309890&w=2 http://marc.info/?l=ntbugtraq&m=91632724913080&w=2 http://www.securityfocus.com/bid/189 •
CVE-1999-0448 – Microsoft IIS 4 (Windows NT) - Log Avoidance
https://notcve.org/view.php?id=CVE-1999-0448
IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request. • https://www.exploit-db.com/exploits/19149 https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0448 •
CVE-1999-0007
https://notcve.org/view.php?id=CVE-1999-0007
Information from SSL-encrypted sessions via PKCS #1. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-002 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-1999-0278 – Microsoft IIS 3.0/4.0 / Microsoft Personal Web Server 2.0/3.0/4.0 - ASP Alternate Data Streams
https://notcve.org/view.php?id=CVE-1999-0278
In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL. • https://www.exploit-db.com/exploits/19118 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-003 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A913 •