Every CVE whose affected-product data names Microsoft Site Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-1999-1011 — CVSS 10.0 (critical): The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods…
CVE-2002-1769 — CVSS 7.5 (high): Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which allows…
CVE-2000-0161 — CVSS 7.5 (high): Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to…
CVE-1999-1246 — CVSS 7.5 (high): Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which…
CVE-1999-0360 — CVSS 7.2 (high): MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute…
CVE-2000-0024 — CVSS 6.4 (medium): IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via…
CVE-2000-0246 — CVSS 5.0 (medium): IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote…
CVE-2002-2081 — CVSS 5.0 (medium): cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file…
CVE-1999-0910 — CVSS 5.0 (medium): Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy…
CVE-1999-1451 — CVSS 5.0 (medium): The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files.
CVE-1999-1520 — CVSS 5.0 (medium): A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the…
CVE-2000-0025 — CVSS 5.0 (medium): IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name…
CVE-2002-2073 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to…
CVE-1999-0861 — CVSS 2.6 (low): Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.