Vulnerabilities > Microsoft > Internet Information Server > 4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 1999-07-07 | CVE-1999-1537 | Unspecified vulnerability in Microsoft Internet Information Server 3.0/4.0 IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL. | 5.0 |
| 1999-07-06 | CVE-1999-1478 | Unspecified vulnerability in Microsoft Internet Information Server 3.0/4.0 The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character. | 5.0 |
| 1999-05-07 | CVE-1999-0739 | Unspecified vulnerability in Microsoft Internet Information Server 4.0 The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. | 5.0 |
| 1999-05-07 | CVE-1999-0738 | Unspecified vulnerability in Microsoft Internet Information Server 4.0 The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. | 5.0 |
| 1999-05-07 | CVE-1999-0737 | Unspecified vulnerability in Microsoft Internet Information Server 4.0 The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. | 5.0 |
| 1999-05-07 | CVE-1999-0736 | Unspecified vulnerability in Microsoft Internet Information Server 4.0 The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. | 5.0 |
| 1999-02-19 | CVE-1999-0412 | Unspecified vulnerability in Microsoft products In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. | 7.5 |
| 1999-02-11 | CVE-1999-1375 | Unspecified vulnerability in Microsoft Internet Information Server 3.0/4.0 FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter. | 5.0 |
| 1999-02-09 | CVE-1999-0407 | Unspecified vulnerability in Microsoft Internet Information Server 4.0 By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. | 10.0 |
| 1999-01-26 | CVE-1999-0450 | Unspecified vulnerability in Microsoft products In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe). | 7.5 |