ID CVE-1999-1538
Summary When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.
References
Vulnerable Configurations
  • Microsoft IIS 4.0
    cpe:2.3:a:microsoft:internet_information_server:4.0
CVSS
Base: 2.1 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
exploit-db via4
description NT IIS4 Remote Web-Based Administration Vulnerability. CVE-1999-1538. Remote exploit for windows platform
id EDB-ID:19147
last seen 2016-02-02
modified 1999-01-14
published 1999-01-14
reporter Mnemonix
source https://www.exploit-db.com/download/19147/
title NT IIS4 - Remote Web-Based Administration Vulnerability
nessus via4
NASL family Web Servers
NASL id IISADMIN.NASL
description When Microsoft Internet Information Server (IIS) 4.0 is upgraded from version 2.0 or 3.0 the ism.dll file is left in the /scripts/iisadmin directory. This script discloses sensitive information via a specially crafted URL which could lead to elevated privileges. An attacker could use this to gain access to the administrator's password.
last seen 2019-02-21
modified 2018-11-15
plugin id 10358
published 2000-04-01
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=10358
title Microsoft IIS /iisadmin Unrestricted Access
refmap via4
bid 189
bugtraq 19990114 MS IIS 4.0 Security Advisory
ntbugtraq 19990114 MS IIS 4.0 Security Advisory
Last major update 17-10-2016 - 22:05
Published 14-01-1999 - 00:00
Back to Top