CVSS: 9.1EPSS: 10%CPEs: 1EXPL: 1CVE-1999-1233
https://notcve.org/view.php?id=CVE-1999-1233
31 Dec 1999 — IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability. • http://support.microsoft.com/support/kb/articles/Q241/5/62.asp •
CVSS: 7.5EPSS: 35%CPEs: 2EXPL: 0CVE-1999-1451
https://notcve.org/view.php?id=CVE-1999-1451
31 Dec 1999 — The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files. • http://support.microsoft.com/support/kb/articles/q231/3/68.asp •
CVSS: 9.8EPSS: 13%CPEs: 2EXPL: 0CVE-1999-1591
https://notcve.org/view.php?id=CVE-1999-1591
31 Dec 1999 — Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0. • http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00276.html •
CVSS: 7.5EPSS: 35%CPEs: 2EXPL: 1CVE-1999-0154 – Microsoft IIS 2.0/3.0 - Appended Dot Script Source Disclosure
https://notcve.org/view.php?id=CVE-1999-0154
31 Dec 1999 — IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL. • https://www.exploit-db.com/exploits/20481 •
CVSS: 9.1EPSS: 12%CPEs: 3EXPL: 0CVE-2000-0024
https://notcve.org/view.php?id=CVE-2000-0024
21 Dec 1999 — IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability. • http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ246401 •
CVSS: 7.5EPSS: 46%CPEs: 3EXPL: 0CVE-2000-0025
https://notcve.org/view.php?id=CVE-2000-0025
21 Dec 1999 — IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability. • http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ238606 •
CVSS: 9.1EPSS: 1%CPEs: 2EXPL: 0CVE-1999-0777
https://notcve.org/view.php?id=CVE-1999-0777
23 Sep 1999 — IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions. • http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ241407 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 38%CPEs: 6EXPL: 1CVE-1999-0725 – Microsoft IIS 3.0/4.0 - Double Byte Code Page
https://notcve.org/view.php?id=CVE-1999-0725
19 Aug 1999 — When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page". • https://www.exploit-db.com/exploits/19361 • CWE-16: Configuration •
CVSS: 5.9EPSS: 5%CPEs: 5EXPL: 0CVE-1999-0861
https://notcve.org/view.php?id=CVE-1999-0861
11 Aug 1999 — Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext. • http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ244613 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 21%CPEs: 4EXPL: 1CVE-1999-0867 – Microsoft Commercial Internet System 2.0/2.5 / IIS 4.0 / Site Server Commerce Edition 3.0 alpha/3.0 - Denial of Service
https://notcve.org/view.php?id=CVE-1999-0867
11 Aug 1999 — Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers. • https://www.exploit-db.com/exploits/19457 • CWE-20: Improper Input Validation •