EUVD-1999-0253

Malware in sbrugna...

Microsoft IIS 3.0 newdsn.exe File Creation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1818/info Microsoft IIS 3.0 came with a sample program, newdsn.exe, installed by default in the directory wwwroot/scripts/tools/. Execution of this program with a properly submitted URL could allow for remote file creatio...

Microsoft IIS 3.0/4.0 Upgrade BDIR.HTR Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2280/info Microsoft Internet Information Server IIS 3.0 came with a series of remote administration scripts installed in /scripts/iisadmin off the web root directory. ism.dll is required for processing these scripts, and...

Microsoft IIS - Short File/Folder Name Disclosure

PoC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19525.zip Paper: http://www.exploit-db.com/docs/19527.pdf Security Research - IIS Short File/Folder Name Disclosure Website : http://soroush.secproject.com/blog/ I. BACKGROUND --------------------- "IIS is a web...

CVE-1999-1223

IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / forward slash characters...

CVE-1999-1035

The provided records identify CVE-1999-1035 as a vulnerability in Microsoft IIS 3.0 and 4.0 running on x86 and Alpha, where remote attackers can cause a denial of service (hang) by sending a malformed GET request. Root cause details are not elaborated beyond mentioning a malformed GET handling is...

CVE-1999-1223

The CVE-1999-1223 entry concerns IIS 3.0. It describes a remote denial-of-service condition triggered by an ASP page request whose URL contains a very large number of forward-slash characters. The available references reiterate that this input pattern can disrupt the service, but the documents do...

CVE-1999-0154

The vulnerability affects IIS versions 2.0–3.0, where a request ending with a period (dot) can cause the server to reveal ASP page source to an attacker. This is a remote read of source code resulting from the URL handling behavior in IIS 2.0/3.0. Practical impact: exposure of ASP source. The PT-...

CVE-2000-0631

An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote attackers to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability...

CVE-1999-0253

Summary: CVE-1999-0253 describes an information-disclosure flaw in IIS 3.0 with the iis-fix hotfix, where remote attackers could disclose ASP source by appending %2e in the URL. Affected product: Microsoft IIS 3.0 (with iis-fix) as documented in Red Hat, NVD/NVD-like records and Nessus entry; mul...

CVE-1999-0253

IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . dot in the URL...

CVE-1999-1223

IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / forward slash characters...

Microsoft IIS 3.0/4.0 - Upgrade BDIR.HTR

source: https://www.securityfocus.com/bid/2280/info Microsoft Internet Information Server IIS 3.0 came with a series of remote administration scripts installed in /scripts/iisadmin off the web root directory. ism.dll is required for processing these scripts, and version 3.0 of IIS came with an...