Summary
Detail | |||
---|---|---|---|
Vendor | Microsoft | First view | 1999-08-11 |
Product | Commercial Internet System | Last view | 2000-03-30 |
Version | 2.5 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:microsoft:commercial_internet_system |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
5 | 2000-03-30 | CVE-2000-0246 | IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. |
7.5 | 2000-01-04 | CVE-2000-0053 | Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of service via a malformed IMAP request. |
7.5 | 1999-09-23 | CVE-1999-0777 | IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions. |
5 | 1999-09-10 | CVE-1999-0910 | Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user. |
5 | 1999-08-11 | CVE-1999-0867 | Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers. |
2.6 | 1999-08-11 | CVE-1999-0861 | Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
33% (1) | CWE-362 | Race Condition |
33% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
33% (1) | CWE-20 | Improper Input Validation |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
59259 | Microsoft Site Server / Commercial Internet System (MCIS) Cookie Expiry Weakness |
11277 | Microsoft IIS SSL ISAPI Filter Cleartext Information Disclosure |
7807 | Microsoft IIS ISAPI Virtual Directory UNC Mapping ASP Source Disclosure |
1188 | Microsoft CIS IMAP Server Remote Overflow |
1083 | Microsoft IIS FTP NO ACCESS Read/Delete File |
1041 | Microsoft IIS Malformed HTTP Request Header DoS |
OpenVAS Exploits
id | Description |
---|---|
2005-11-03 | Name : Microsoft IIS UNC Mapped Virtual Host Vulnerability File : nvt/iis_unc_mapped_virt_host_vuln.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Windows IIS UNC mapped virtual host file source code access attempt RuleID : 24867 - Type : SERVER-IIS - Revision : 3 |
2014-01-10 | Microsoft Windows IIS UNC mapped virtual host file source code access attempt RuleID : 24866 - Type : SERVER-IIS - Revision : 3 |
2014-01-10 | Microsoft Windows IIS UNC mapped virtual host file source code access attempt RuleID : 20665 - Type : SERVER-IIS - Revision : 8 |
2014-01-10 | Microsoft Windows IIS UNC mapped virtual host file source code access attempt RuleID : 20664 - Type : SERVER-IIS - Revision : 8 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2003-03-23 | Name: The remote web server is affected by an information disclosure flaw. File: iis_unc_mapped_virt_host_vuln.nasl - Type: ACT_GATHER_INFO |
1999-08-20 | Name: The remote web server is affected by a remote denial of service vulnerability. File: iis_malformed_request.nasl - Type: ACT_DENIAL |