Description

When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.

Remediation

References

CVE-1999-1538

Related Vulnerabilities

PHP version older than 4.4.1

Serendipity Remote Code Execution (CVE-2020-10964)

GlassFish CVE-2016-5519 Vulnerability (CVE-2016-5519)

Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2007-0450)

WordPress Plugin WP YouTube Live Cross-Site Scripting (1.7.21)

Severity

Low

Classification

CVE-1999-1538

Tags

Missing Update Known Vulnerabilities