Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Internet_information_server
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 108 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 1999-01-24 | CVE-1999-1544 | Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command. | Internet_information_server | N/A | ||
| 1999-01-14 | CVE-1999-1538 | When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password. | Internet_information_server | N/A | ||
| 1999-07-07 | CVE-1999-1537 | IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL. | Internet_information_server | N/A | ||
| 1999-07-06 | CVE-1999-1478 | The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character. | Internet_information_server | N/A | ||
| 1999-12-31 | CVE-1999-1451 | The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files. | Internet_information_server, Site_server | N/A | ||
| 1999-01-14 | CVE-1999-1376 | Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands. | Internet_information_server | N/A | ||
| 1999-02-11 | CVE-1999-1375 | FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter. | Internet_information_server | N/A | ||
| 1999-12-31 | CVE-1999-1233 | IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability. | Internet_information_server | N/A | ||
| 1999-12-31 | CVE-1999-1223 | IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters. | Internet_information_server | N/A | ||
| 1999-12-31 | CVE-1999-1148 | FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time. | Internet_information_server | N/A |