CVSS: 5.0EPSS: 90%CPEs: 3EXPL: 1CVE-1999-0278 – Microsoft IIS 3.0/4.0 / Microsoft Personal Web Server 2.0/3.0/4.0 - ASP Alternate Data Streams
https://notcve.org/view.php?id=CVE-1999-0278
In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL. • https://www.exploit-db.com/exploits/19118 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-003 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A913 •
CVSS: 5.0EPSS: 93%CPEs: 6EXPL: 0CVE-1999-0012
https://notcve.org/view.php?id=CVE-1999-0012
Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names. • https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0012 •
CVSS: 6.4EPSS: 96%CPEs: 1EXPL: 1CVE-1999-0191 – Microsoft IIS 3.0 - 'newdsn.exe' File Creation
https://notcve.org/view.php?id=CVE-1999-0191
IIS newdsn.exe CGI script allows remote users to overwrite files. • https://www.exploit-db.com/exploits/20309 http://www.osvdb.org/275 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1CVE-1999-0281 – Microsoft IIS 2.0/3.0 - Long URL Denial of Service
https://notcve.org/view.php?id=CVE-1999-0281
Denial of service in IIS using long URLs. • https://www.exploit-db.com/exploits/20802 https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0281 •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-1999-0253
https://notcve.org/view.php?id=CVE-1999-0253
IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL. • http://www.securityfocus.com/bid/1814 •