Lucene search
MitreCVE-1999-0407HistoryJun 02, 2000 - 4:00 a.m.
CVE-1999-0407
2000-06-0204:00:00
mitre
web.nvd.nist.gov
43
cve-1999-0407
iis 4.0
vulnerability
brute force attacks
proxies
valid users
nvd
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
6.7
Confidence
High
EPSS
0.034
Percentile
91.4%
By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.
Affected configurations
Node
microsoftinternet_information_serverMatch4.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | internet_information_server | 4.0 | cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-1999-0407
2000-06-02 04:00:00
nvd
nvd
CVE-1999-0407
1999-02-09 05:00:00
nessus
nessus
Microsoft IIS /iisadmpwd/aexp2.htr Password Policy Bypass
2000-04-15 00:00:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
6.7
Confidence
High
EPSS
0.034
Percentile
91.4%
Related for CVE-1999-0407