Page 2 of 8 results (0.008 seconds)

CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0

IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability. • http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ246401 http://www.acrossecurity.com/aspr/ASPR-1999-11-10-1-PUB.txt https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-061 •

CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0

Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user. • http://www.securityfocus.com/bid/625 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-035 •

CVSS: 2.6EPSS: 0%CPEs: 5EXPL: 0

Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext. • http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ244613 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-053 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •