Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

microsoft internet information server 4.0 vulnerabilities and exploits

(subscribe to this query)
5
CVSSv2

CVE-1999-0278

In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.
Microsoft Internet Information Server 3.0Microsoft Internet Information Server 4.0Microsoft Windows Nt 4.0
7.5
CVSSv2

CVE-2001-0333

Directory traversal vulnerability in IIS 5.0 and previous versions allows remote malicious users to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
Microsoft Internet Information ServerMicrosoft Internet Information Server 4.0
5
CVSSv2

CVE-1999-1478

The Sun HotSpot Performance Engine VM allows a remote malicious user to cause a denial of service on any server running HotSpot via a URL that includes the [ character.
Microsoft Internet Information Server 3.0Microsoft Internet Information Server 4.0
5
CVSSv2

CVE-1999-1537

IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote malicious users to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform...
Microsoft Internet Information Server 3.0Microsoft Internet Information Server 4.0
5
CVSSv2

CVE-1999-1544

Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote malicious users to cause a denial of service via a long NLST (ls) command.
Microsoft Internet Information Server 3.0Microsoft Internet Information Server 4.0
5
CVSSv2

CVE-2000-0126

Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote malicious users to read files via a .. (dot dot) attack.
Microsoft Internet Information Server 3.0Microsoft Internet Information Server 4.0
7.5
CVSSv2

CVE-1999-0349

A buffer overflow in the FTP list (ls) command in IIS allows remote malicious users to conduct a denial of service and, in some cases, execute arbitrary commands.
Microsoft Internet Information Server 3.0Microsoft Internet Information Server 4.0
5
CVSSv2

CVE-2000-0114

Frontpage Server Extensions allows remote malicious users to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.
Microsoft Internet Information Server 3.0Microsoft Internet Information Server 4.0
7.1
CVSSv2

CVE-1999-0725

When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote malicious user to view the source code of certain files, a.k.a. "Double Byte Code Page".
Microsoft Internet Information Server 3.0Microsoft Internet Information Server 4.0
5
CVSSv2

CVE-1999-1035

IIS 3.0 and 4.0 on x86 and Alpha allows remote malicious users to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability.
Microsoft Internet Information Server 3.0Microsoft Internet Information Server 4.0
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-25291CVE-2025-29358download managervisual bacnet capture toolgolang.org/x/netCVE-2025-1429log injectioncodename065local usersCVE-2025-29359CVE-2025-27363CVE-2025-2104wireless
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook