Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 1999-08-11 |
| Product | Commercial Internet System | Last view | 2000-03-30 |
| Version | 2.5 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:microsoft:commercial_internet_system | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5 | 2000-03-30 | CVE-2000-0246 | IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. |
| 7.5 | 2000-01-04 | CVE-2000-0053 | Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of service via a malformed IMAP request. |
| 7.5 | 1999-09-23 | CVE-1999-0777 | IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions. |
| 5 | 1999-09-10 | CVE-1999-0910 | Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user. |
| 5 | 1999-08-11 | CVE-1999-0867 | Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers. |
| 2.6 | 1999-08-11 | CVE-1999-0861 | Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 33% (1) | CWE-362 | Race Condition |
| 33% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 33% (1) | CWE-20 | Improper Input Validation |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 59259 | Microsoft Site Server / Commercial Internet System (MCIS) Cookie Expiry Weakness |
| 11277 | Microsoft IIS SSL ISAPI Filter Cleartext Information Disclosure |
| 7807 | Microsoft IIS ISAPI Virtual Directory UNC Mapping ASP Source Disclosure |
| 1188 | Microsoft CIS IMAP Server Remote Overflow |
| 1083 | Microsoft IIS FTP NO ACCESS Read/Delete File |
| 1041 | Microsoft IIS Malformed HTTP Request Header DoS |
OpenVAS Exploits
| id | Description |
|---|---|
| 2005-11-03 | Name : Microsoft IIS UNC Mapped Virtual Host Vulnerability File : nvt/iis_unc_mapped_virt_host_vuln.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Windows IIS UNC mapped virtual host file source code access attempt RuleID : 24867 - Type : SERVER-IIS - Revision : 3 |
| 2014-01-10 | Microsoft Windows IIS UNC mapped virtual host file source code access attempt RuleID : 24866 - Type : SERVER-IIS - Revision : 3 |
| 2014-01-10 | Microsoft Windows IIS UNC mapped virtual host file source code access attempt RuleID : 20665 - Type : SERVER-IIS - Revision : 8 |
| 2014-01-10 | Microsoft Windows IIS UNC mapped virtual host file source code access attempt RuleID : 20664 - Type : SERVER-IIS - Revision : 8 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2003-03-23 | Name: The remote web server is affected by an information disclosure flaw. File: iis_unc_mapped_virt_host_vuln.nasl - Type: ACT_GATHER_INFO |
| 1999-08-20 | Name: The remote web server is affected by a remote denial of service vulnerability. File: iis_malformed_request.nasl - Type: ACT_DENIAL |
