Microsoft » Commercial Internet System » 2.5 : Security Vulnerabilities, CVEs,
IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.
Max CVSS
5.0
EPSS Score
95.86%
Published
2000-03-30
Updated
2018-10-30
Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of service via a malformed IMAP request.
Max CVSS
7.5
EPSS Score
2.11%
Published
2000-01-04
Updated
2018-10-12
Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user.
Max CVSS
5.0
EPSS Score
0.24%
Published
1999-09-10
Updated
2018-10-12
Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.
Max CVSS
5.0
EPSS Score
0.50%
Published
1999-08-11
Updated
2018-10-12
Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.
Max CVSS
2.6
EPSS Score
0.14%
Published
1999-08-11
Updated
2018-10-12
IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions.
Max CVSS
7.5
EPSS Score
0.88%
Published
1999-09-23
Updated
2018-10-12
6 vulnerabilities found