Vulnerabilities > Microsoft > Internet Information Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2000-01-11 | CVE-2000-0071 | Unspecified vulnerability in Microsoft products IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions. | 5.0 |
| 1999-12-31 | CVE-1999-1451 | Unspecified vulnerability in Microsoft Internet Information Server and Site Server The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files. | 5.0 |
| 1999-12-31 | CVE-1999-1223 | Unspecified vulnerability in Microsoft Internet Information Server 3.0 IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters. | 5.0 |
| 1999-12-31 | CVE-1999-1148 | Unspecified vulnerability in Microsoft Internet Information Server FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time. | 5.0 |
| 1999-12-31 | CVE-1999-1035 | Unspecified vulnerability in Microsoft Internet Information Server 3.0/4.0 IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability. | 5.0 |
| 1999-12-31 | CVE-1999-0154 | Unspecified vulnerability in Microsoft products IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . | 5.0 |
| 1999-07-07 | CVE-1999-1537 | Unspecified vulnerability in Microsoft Internet Information Server 3.0/4.0 IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL. | 5.0 |
| 1999-07-06 | CVE-1999-1478 | Unspecified vulnerability in Microsoft Internet Information Server 3.0/4.0 The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character. | 5.0 |
| 1999-05-12 | CVE-1999-0229 | Unspecified vulnerability in Microsoft Internet Information Server Denial of service in Windows NT IIS server using ..\.. | 5.0 |
| 1999-05-07 | CVE-1999-0739 | Unspecified vulnerability in Microsoft Internet Information Server 4.0 The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. | 5.0 |