This page lists publicly disclosed CVE vulnerabilities affecting microsoft commercial_internet_system (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2000-0246 | IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. | [email protected] | 5.0 | 83.62% | 2000-03-30 | 2026-04-16 |
| CVE-2000-0053 | Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of service via a malformed IMAP request. | [email protected] | 7.5 | 14.20% | 2000-01-04 | 2026-04-16 |
| CVE-1999-0777 | IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions. | [email protected] | 7.5 | 1.34% | 1999-09-23 | 2026-04-16 |
| CVE-1999-0910 | Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user. | [email protected] | 5.0 | 19.63% | 1999-09-10 | 2026-04-16 |
| CVE-1999-0867 | Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers. | [email protected] | 5.0 | 19.42% | 1999-08-11 | 2026-04-16 |
| CVE-1999-0861 | Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext. | [email protected] | 2.6 | 5.46% | 1999-08-11 | 2026-04-16 |