CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-1999-0412 – Microsoft IIS 2.0/3.0/4.0 - ISAPI GetExtensionVersion()
https://notcve.org/view.php?id=CVE-1999-0412
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. • https://www.exploit-db.com/exploits/19376 http://www.securityfocus.com/bid/501 •
CVSS: 5.0EPSS: 16%CPEs: 2EXPL: 2CVE-1999-1375 – Microsoft IIS 3.0/4.0 - Using ASP and FSO To Read Server Files
https://notcve.org/view.php?id=CVE-1999-1375
FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter. • https://www.exploit-db.com/exploits/19194 http://marc.info/?l=ntbugtraq&m=91877455626320&w=2 http://www.securityfocus.com/bid/230 •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-1999-0407
https://notcve.org/view.php?id=CVE-1999-0407
By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. • http://marc.info/?l=bugtraq&m=91983486431506&w=2 http://marc.info/?l=bugtraq&m=92000623021036&w=2 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-1999-0348
https://notcve.org/view.php?id=CVE-1999-0348
IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory. • http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ197003 http://www.osvdb.org/930 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-1999-0349
https://notcve.org/view.php?id=CVE-1999-0349
A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands. • http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ188348 http://www.eeye.com/html/Research/Advisories/IIS%20Remote%20FTP%20Exploit/DoS%20Attack.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-003 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •