Page 8 of 46 results (0.015 seconds)

CVSS: 5.0EPSS: 2%CPEs: 3EXPL: 0

An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote attackers to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability. • http://marc.info/?l=bugtraq&m=96390444022878&w=2 http://www.securityfocus.com/bid/1476 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-044 https://exchange.xforce.ibmcloud.com/vulnerabilities/4951 •

CVSS: 2.6EPSS: 0%CPEs: 4EXPL: 5

IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined. Collect any leaked internal IPs by requesting commonly redirected locations from IIS. CVE-2000-0649 references IIS 5.1 (win2k, XP) and older. However, in newer servers such as IIS 7+, this occurs when the alternateHostName is not set or misconfigured. Also collects internal IPs leaked from the PROPFIND method in certain IIS versions. • https://www.exploit-db.com/exploits/20096 https://github.com/rafaelh/CVE-2000-0649 https://github.com/Downgraderz/PoC-CVE-2000-0649 http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0025.html http://www.securityfocus.com/bid/1499 https://support.microsoft.com/en-us/help/218180/internet-information-server-returns-ip-address-in-http-header-content https://support.microsoft.com/en-us/topic/fix-the-internal-ip-address-of-an-iis-7-0-server-is-revealed-if-an-http-request-that-does& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 75%CPEs: 2EXPL: 1

IIS 4.05 and 5.0 allow remote attackers to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulnerability. • https://www.exploit-db.com/exploits/19907 http://www.microsoft.com/technet/support/kb.asp?ID=260205 http://www.securityfocus.com/bid/1190 http://www.ussrback.com/labs40.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-030 •

CVSS: 7.5EPSS: 22%CPEs: 2EXPL: 1

ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability. • https://www.exploit-db.com/exploits/19908 http://marc.info/?l=bugtraq&m=95810120719608&w=2 http://www.securityfocus.com/bid/1193 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-031 https://exchange.xforce.ibmcloud.com/vulnerabilities/4448 •

CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 0

Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability. • http://www.securityfocus.com/bid/1191 http://xforce.iss.net/alerts/advise52.php3 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-031 •