Commercial Internet System Security Vulnerabilities - CVSS Score 5 - 6

CVE-1999-0867

Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.

CVE-1999-0910

Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user.

CVE-2000-0246

IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.