CVSS: 7.5EPSS: 84%CPEs: 2EXPL: 1CVE-2000-0457 – Microsoft IIS 4.0/5.0 - Malformed Filename Request
https://notcve.org/view.php?id=CVE-2000-0457
11 May 2000 — ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability. • https://www.exploit-db.com/exploits/19908 •
CVSS: 7.5EPSS: 51%CPEs: 2EXPL: 0CVE-2000-0304
https://notcve.org/view.php?id=CVE-2000-0304
10 May 2000 — Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability. • http://www.securityfocus.com/bid/1191 •
CVSS: 5.3EPSS: 59%CPEs: 3EXPL: 1CVE-2000-0413 – FrontPage 2000 / IIS 4.0/5.0 - Server Extensions Full Path Disclosure
https://notcve.org/view.php?id=CVE-2000-0413
06 May 2000 — The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path. • https://www.exploit-db.com/exploits/19897 •
CVSS: 7.5EPSS: 20%CPEs: 2EXPL: 0CVE-2000-0258
https://notcve.org/view.php?id=CVE-2000-0258
12 Apr 2000 — IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability. IIS 4.0 y 5.0 permite a atacantes remotos provocar una denegación de servicio enviando muchas URLs con un largo número de caracteres de escape, también conocida como la Vulnerabilidad "Myriad Escaped Characters". • http://www.securityfocus.com/bid/1101 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 83%CPEs: 7EXPL: 1CVE-2000-0246 – Microsoft IIS 4.0 - UNC Mapped Virtual Host
https://notcve.org/view.php?id=CVE-2000-0246
30 Mar 2000 — IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. • https://www.exploit-db.com/exploits/19824 •
CVSS: 9.1EPSS: 71%CPEs: 3EXPL: 0CVE-2000-0071
https://notcve.org/view.php?id=CVE-2000-0071
11 Jan 2000 — IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions. • http://marc.info/?l=bugtraq&m=94770020309953&w=2 •
CVSS: 7.5EPSS: 42%CPEs: 2EXPL: 1CVE-1999-0154 – Microsoft IIS 2.0/3.0 - Appended Dot Script Source Disclosure
https://notcve.org/view.php?id=CVE-1999-0154
31 Dec 1999 — IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL. • https://www.exploit-db.com/exploits/20481 •
CVSS: 9.8EPSS: 38%CPEs: 3EXPL: 1CVE-1999-0412 – Microsoft IIS 2.0/3.0/4.0 - ISAPI GetExtensionVersion()
https://notcve.org/view.php?id=CVE-1999-0412
19 Feb 1999 — In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. • https://www.exploit-db.com/exploits/19376 •
CVSS: 9.1EPSS: 32%CPEs: 4EXPL: 1CVE-1999-0450 – Microsoft IIS 5.0 - IISAPI Extension Enumerate Root Web Server Directory
https://notcve.org/view.php?id=CVE-1999-0450
26 Jan 1999 — In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe). • https://www.exploit-db.com/exploits/19152 •
CVSS: 7.5EPSS: 13%CPEs: 2EXPL: 1CVE-1999-0281 – Microsoft IIS 2.0/3.0 - Long URL Denial of Service
https://notcve.org/view.php?id=CVE-1999-0281
01 Jun 1997 — Denial of service in IIS using long URLs. • https://www.exploit-db.com/exploits/20802 •