Description

When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.

Remediation

References

CVE-1999-1538

Related Vulnerabilities

Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-23897)

MySQL CVE-2013-5881 Vulnerability (CVE-2013-5881)

Java Unspesificed Vulnerability (CVE-2019-2821)

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-45136)

WordPress Plugin HTML5 MP3 Player with Playlist Free Information Disclosure (2.6)

Severity

Low

Classification

CVE-1999-1538

Tags

Missing Update Known Vulnerabilities