CVE-1999-1538
Summary
When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.
- LOW
- LOCAL
- NONE
- NONE
- PARTIAL
- NONE
References
Advisory Timeline
- Published