Microsoft Internet Information Services vulnerabilities

CVE-2000-0258 [HIGH] CWE-20 CVE-2000-0258: IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a lar IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.

CVE-2000-0246 [MEDIUM] CVE-2000-0246: IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mappe IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.

CVE-2000-0071 [MEDIUM] CVE-2000-0071: IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non- IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.

CVE-1999-0154 [MEDIUM] CVE-1999-0154: IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL.

CVE-1999-0412 [HIGH] CVE-1999-0412: In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.

CVE-1999-0450 [HIGH] CVE-1999-0450: In IIS, an attacker could determine a real path using a request for a non-existent URL that would be In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).

CVE-1999-0253 [HIGH] CVE-1999-0253: IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP progra IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL.

CVE-1999-0233 [CRITICAL] CVE-1999-0233: IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files. IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files.