Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

microsoft internet information server 4.0 vulnerabilities and exploits

(subscribe to this query)
5
CVSSv2

CVE-1999-0278

In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.
Microsoft Internet Information Server 3.0Microsoft Internet Information Server 4.0Microsoft Windows Nt 4.0
7.5
CVSSv2

CVE-2001-0333

Directory traversal vulnerability in IIS 5.0 and previous versions allows remote malicious users to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
Microsoft Internet Information ServerMicrosoft Internet Information Server 4.0
5
CVSSv2

CVE-2000-1090

Microsoft IIS for Far East editions 4.0 and 5.0 allows remote malicious users to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character.
Microsoft Internet Information Server 4.0Microsoft Internet Information Server 5.0
5
CVSSv2

CVE-1999-1035

IIS 3.0 and 4.0 on x86 and Alpha allows remote malicious users to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability.
Microsoft Internet Information Server 3.0Microsoft Internet Information Server 4.0
5
CVSSv2

CVE-1999-1544

Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote malicious users to cause a denial of service via a long NLST (ls) command.
Microsoft Internet Information Server 3.0Microsoft Internet Information Server 4.0
5
CVSSv2

CVE-2000-0126

Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote malicious users to read files via a .. (dot dot) attack.
Microsoft Internet Information Server 3.0Microsoft Internet Information Server 4.0
5
CVSSv2

CVE-1999-1478

The Sun HotSpot Performance Engine VM allows a remote malicious user to cause a denial of service on any server running HotSpot via a URL that includes the [ character.
Microsoft Internet Information Server 3.0Microsoft Internet Information Server 4.0
5
CVSSv2

CVE-1999-1537

IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote malicious users to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform...
Microsoft Internet Information Server 3.0Microsoft Internet Information Server 4.0
5
CVSSv2

CVE-2000-0114

Frontpage Server Extensions allows remote malicious users to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.
Microsoft Internet Information Server 3.0Microsoft Internet Information Server 4.0
5
CVSSv2

CVE-1999-1375

FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote malicious users to read arbitrary files by specifying the name in the file parameter.
Microsoft Internet Information Server 3.0Microsoft Internet Information Server 4.0
Preferred Score:
CVSSv2
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
ssl.comCVE-2025-3278CVE-2025-24054brute forcefirewallprivilege escalationCVE-2025-24914qriousladCVE-2025-42599pritunlnamelessmcCVE-2025-3103CVE-2025-43895
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook