ICQ Web Front HTTPd allows remote attackers to cause a denial of service by requesting a URL that contains a "?" character.

ICQ99 ICQ web server build 1701 with "Active Homepage" enabled generates allows remote attackers to determine the existence of files on the server by comparing server responses when a file exists ("404 Forbidden") versus when a file does not exist ("404 not found").