Lucene search
MitreCVE-1999-1538HistorySep 12, 2001 - 4:00 a.m.
CVE-1999-1538
2001-09-1204:00:00
mitre
web.nvd.nist.gov
45
cve-1999-1538
iis 2
iis 3
iis 4
upgrade issue
ism.dll
server information
unauthorized access
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.5
Confidence
High
EPSS
0.898
Percentile
98.8%
When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator’s password.
Affected configurations
Node
microsoftinternet_information_serverMatch4.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | internet_information_server | 4.0 | cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:* |
Related
exploitdb
exploitdb
Microsoft IIS 4 (Windows NT) - Remote Web-Based Administration
1999-01-14 00:00:00
cvelist
cvelist
CVE-1999-1538
2001-09-12 04:00:00
nvd
nvd
CVE-1999-1538
1999-01-14 05:00:00
nessus
nessus
Microsoft IIS /iisadmin Unrestricted Access
2000-04-01 00:00:00
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.5
Confidence
High
EPSS
0.898
Percentile
98.8%
Related for CVE-1999-1538