Description

By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.

Remediation

References

CVE-1999-0407

Related Vulnerabilities

Joomla Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-10945)

MySQL CVE-2020-14821 Vulnerability (CVE-2020-14821)

Zope Web Application Server Other Vulnerability (CVE-2005-3323)

Drupal Core 8.x.x Directory Traversal (8.0.0 - 8.5.15)

Oracle HTTP Server NULL Pointer Dereference Vulnerability (CVE-2020-1967)

Severity

Critical

Classification

CVE-1999-0407

Tags

Missing Update Known Vulnerabilities