Total
111 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0407 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | 10.0 HIGH | N/A |
| By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. | |||||
| CVE-2000-0630 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | 5.0 MEDIUM | N/A |
| IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability. | |||||
| CVE-1999-0281 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | 5.0 MEDIUM | N/A |
| Denial of service in IIS using long URLs. | |||||
| CVE-2002-1181 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors. | |||||
| CVE-2000-0304 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | 5.0 MEDIUM | N/A |
| Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability. | |||||
| CVE-1999-1591 | 1 Microsoft | 2 Internet Information Server, Visual Interdev | 2026-04-16 | 7.5 HIGH | N/A |
| Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0. | |||||
| CVE-2001-0709 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | 5.0 MEDIUM | N/A |
| Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode. | |||||
| CVE-2001-0335 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | 5.0 MEDIUM | N/A |
| FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters. | |||||
| CVE-2002-0148 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page. | |||||
| CVE-1999-0867 | 1 Microsoft | 3 Commercial Internet System, Internet Information Server, Site Server | 2026-04-16 | 5.0 MEDIUM | N/A |
| Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers. | |||||
| CVE-1999-0012 | 2 Microsoft, Netscape | 5 Frontpage, Internet Information Server, Personal Web Server and 2 more | 2026-04-16 | 5.0 MEDIUM | 7.0 HIGH |
| Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names. | |||||