Skip to main content

CVE-1999-1538

Severity Low
Score 2.1/10

Summary

When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.

  • LOW
  • LOCAL
  • NONE
  • NONE
  • PARTIAL
  • NONE

References

Advisory Timeline

  • Published