CVE-2000-0413 – FrontPage 2000 / IIS 4.0/5.0 - Server Extensions Full Path Disclosure
https://notcve.org/view.php?id=CVE-2000-0413
The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path. • https://www.exploit-db.com/exploits/19897 http://archives.neohapsis.com/archives/bugtraq/2000-05/0084.html http://www.securityfocus.com/bid/1174 •
CVE-2000-0258
https://notcve.org/view.php?id=CVE-2000-0258
IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability. IIS 4.0 y 5.0 permite a atacantes remotos provocar una denegación de servicio enviando muchas URLs con un largo número de caracteres de escape, también conocida como la Vulnerabilidad "Myriad Escaped Characters". • http://www.securityfocus.com/bid/1101 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-023 • CWE-20: Improper Input Validation •
CVE-2000-0246 – Microsoft IIS 4.0 - UNC Mapped Virtual Host
https://notcve.org/view.php?id=CVE-2000-0246
IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. • https://www.exploit-db.com/exploits/19824 http://www.microsoft.com/technet/support/kb.asp?ID=249599 http://www.securityfocus.com/bid/1081 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-019 •
CVE-2000-0071
https://notcve.org/view.php?id=CVE-2000-0071
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions. • http://marc.info/?l=bugtraq&m=94770020309953&w=2 http://marc.info/?l=bugtraq&m=94780058006791&w=2 •
CVE-1999-0412 – Microsoft IIS 2.0/3.0/4.0 - ISAPI GetExtensionVersion()
https://notcve.org/view.php?id=CVE-1999-0412
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. • https://www.exploit-db.com/exploits/19376 http://www.securityfocus.com/bid/501 •