Microsoft Site Server Commerce — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Site Server Commerce, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2002-1769 — CVSS 7.5 (high): Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which allows…
CVE-2000-0024 — CVSS 6.4 (medium): IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via…
CVE-2000-0025 — CVSS 5.0 (medium): IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name…
CVE-2000-0246 — CVSS 5.0 (medium): IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote…
CVE-2002-2081 — CVSS 5.0 (medium): cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file…
CVE-1999-0910 — CVSS 5.0 (medium): Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy…
CVE-2002-2073 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to…
CVE-1999-0861 — CVSS 2.6 (low): Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.