This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 1999-08-11
Product Commercial Internet System Last view 2000-03-30
Version 2.5 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:microsoft:commercial_internet_system

Activity : Overall

Related : CVE

  Date Alert Description
5 2000-03-30 CVE-2000-0246

IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.

7.5 2000-01-04 CVE-2000-0053

Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of service via a malformed IMAP request.

7.5 1999-09-23 CVE-1999-0777

IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions.

5 1999-09-10 CVE-1999-0910

Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user.

5 1999-08-11 CVE-1999-0867

Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.

2.6 1999-08-11 CVE-1999-0861

Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.

CWE : Common Weakness Enumeration

%idName
33% (1) CWE-362 Race Condition
33% (1) CWE-264 Permissions, Privileges, and Access Controls
33% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
59259 Microsoft Site Server / Commercial Internet System (MCIS) Cookie Expiry Weakness
11277 Microsoft IIS SSL ISAPI Filter Cleartext Information Disclosure
7807 Microsoft IIS ISAPI Virtual Directory UNC Mapping ASP Source Disclosure
1188 Microsoft CIS IMAP Server Remote Overflow
1083 Microsoft IIS FTP NO ACCESS Read/Delete File
1041 Microsoft IIS Malformed HTTP Request Header DoS

OpenVAS Exploits

id Description
2005-11-03 Name : Microsoft IIS UNC Mapped Virtual Host Vulnerability
File : nvt/iis_unc_mapped_virt_host_vuln.nasl

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Windows IIS UNC mapped virtual host file source code access attempt
RuleID : 24867 - Type : SERVER-IIS - Revision : 3
2014-01-10 Microsoft Windows IIS UNC mapped virtual host file source code access attempt
RuleID : 24866 - Type : SERVER-IIS - Revision : 3
2014-01-10 Microsoft Windows IIS UNC mapped virtual host file source code access attempt
RuleID : 20665 - Type : SERVER-IIS - Revision : 8
2014-01-10 Microsoft Windows IIS UNC mapped virtual host file source code access attempt
RuleID : 20664 - Type : SERVER-IIS - Revision : 8

Nessus® Vulnerability Scanner

id Description
2003-03-23 Name: The remote web server is affected by an information disclosure flaw.
File: iis_unc_mapped_virt_host_vuln.nasl - Type: ACT_GATHER_INFO
1999-08-20 Name: The remote web server is affected by a remote denial of service vulnerability.
File: iis_malformed_request.nasl - Type: ACT_DENIAL