VYPR

Commercial Internet System

by Microsoft

CVEs (6)

  • CVE-2000-0246Mar 30, 2000
    risk 0.09cvss epss 0.80

    IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.

  • CVE-1999-0867Aug 11, 1999
    risk 0.05cvss epss 0.22

    Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.

  • CVE-2000-0053Jan 4, 2000
    risk 0.01cvss epss 0.15

    Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of service via a malformed IMAP request.

  • CVE-1999-0777Sep 23, 1999
    risk 0.01cvss epss 0.12

    IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions.

  • CVE-1999-0910Sep 10, 1999
    risk 0.00cvss epss 0.06

    Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user.

  • CVE-1999-0861Aug 11, 1999
    risk 0.00cvss epss 0.03

    Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.