Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microsoft internet information server 4.0 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2001-0333
Directory traversal vulnerability in IIS 5.0 and previous versions allows remote malicious users to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Server
9 EDB exploits
5
CVSSv2
CVE-1999-0278
In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
Microsoft Windows Nt 4.0
1 EDB exploit
1 Github repository
4.4
CVSSv2
CVE-2006-6579
Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read acc...
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
Microsoft Internet Information Server
Microsoft Internet Information Services 1.0
Microsoft Internet Information Services 2.0
5
CVSSv2
CVE-2000-0071
IIS 4.0 allows a remote malicious user to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 3.0
7.5
CVSSv2
CVE-1999-0412
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.
Microsoft Internet Information Services 2.0
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
1 EDB exploit
5
CVSSv2
CVE-2000-0631
An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote malicious users to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability.
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
5
CVSSv2
CVE-1999-1035
IIS 3.0 and 4.0 on x86 and Alpha allows remote malicious users to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability.
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
5
CVSSv2
CVE-2000-1090
Microsoft IIS for Far East editions 4.0 and 5.0 allows remote malicious users to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character.
Microsoft Internet Information Server 4.0
Microsoft Internet Information Server 5.0
5
CVSSv2
CVE-1999-1478
The Sun HotSpot Performance Engine VM allows a remote malicious user to cause a denial of service on any server running HotSpot via a URL that includes the [ character.
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
7.5
CVSSv2
CVE-1999-0349
A buffer overflow in the FTP list (ls) command in IIS allows remote malicious users to conduct a denial of service and, in some cases, execute arbitrary commands.
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »