Commercial Internet System
Sign in to watchby Microsoft
CVEs (6)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2000-0246 | 0.10 | — | 0.84 | Mar 30, 2000 | IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. | ||
| CVE-1999-0867 | 0.05 | — | 0.19 | Aug 11, 1999 | Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers. | ||
| CVE-1999-0910 | 0.02 | — | 0.20 | Sep 10, 1999 | Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user. | ||
| CVE-2000-0053 | 0.01 | — | 0.14 | Jan 4, 2000 | Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of service via a malformed IMAP request. | ||
| CVE-1999-0777 | 0.00 | — | 0.01 | Sep 23, 1999 | IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions. | ||
| CVE-1999-0861 | 0.00 | — | 0.05 | Aug 11, 1999 | Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext. |