CVSS: 7.5EPSS: 13%CPEs: 1EXPL: 0CVE-1999-0348
https://notcve.org/view.php?id=CVE-1999-0348
27 Jan 1999 — IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory. • http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ197003 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 11%CPEs: 2EXPL: 0CVE-1999-0349
https://notcve.org/view.php?id=CVE-1999-0349
27 Jan 1999 — A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands. • http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ188348 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 42%CPEs: 1EXPL: 0CVE-1999-0449
https://notcve.org/view.php?id=CVE-1999-0449
26 Jan 1999 — The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts. • http://www.osvdb.org/2 •
CVSS: 9.1EPSS: 32%CPEs: 4EXPL: 1CVE-1999-0450 – Microsoft IIS 5.0 - IISAPI Extension Enumerate Root Web Server Directory
https://notcve.org/view.php?id=CVE-1999-0450
26 Jan 1999 — In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe). • https://www.exploit-db.com/exploits/19152 •
CVSS: 6.2EPSS: 6%CPEs: 2EXPL: 0CVE-1999-1544
https://notcve.org/view.php?id=CVE-1999-1544
24 Jan 1999 — Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command. • http://marc.info/?l=bugtraq&m=91722115016183&w=2 •
CVSS: 10.0EPSS: 54%CPEs: 1EXPL: 0CVE-1999-1376
https://notcve.org/view.php?id=CVE-1999-1376
14 Jan 1999 — Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands. • http://marc.info/?l=bugtraq&m=91638375309890&w=2 •
CVSS: 7.1EPSS: 56%CPEs: 1EXPL: 2CVE-1999-1538 – Microsoft IIS 4 (Windows NT) - Remote Web-Based Administration
https://notcve.org/view.php?id=CVE-1999-1538
14 Jan 1999 — When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password. • https://www.exploit-db.com/exploits/19147 •
CVSS: 5.0EPSS: 56%CPEs: 1EXPL: 1CVE-1999-0448 – Microsoft IIS 4 (Windows NT) - Log Avoidance
https://notcve.org/view.php?id=CVE-1999-0448
01 Jan 1999 — IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request. • https://www.exploit-db.com/exploits/19149 •
CVSS: 7.5EPSS: 5%CPEs: 22EXPL: 0CVE-1999-0007
https://notcve.org/view.php?id=CVE-1999-0007
26 Jun 1998 — Information from SSL-encrypted sessions via PKCS #1. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-002 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 76%CPEs: 3EXPL: 1CVE-1999-0278 – Microsoft IIS 3.0/4.0 / Microsoft Personal Web Server 2.0/3.0/4.0 - ASP Alternate Data Streams
https://notcve.org/view.php?id=CVE-1999-0278
01 Jun 1998 — In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL. • https://www.exploit-db.com/exploits/19118 •