Description

When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.

Remediation

References

CVE-1999-1538

Related Vulnerabilities

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-6291)

Plone CMS Improper Restriction of XML External Entity Reference Vulnerability (CVE-2020-28734)

WordPress Plugin WPJobBoard Multiple Cross-Site Scripting Vulnerabilities (4.5.1)

OpenSSL Improper Authentication Vulnerability (CVE-2010-4252)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-3597)

Severity

Low

Classification

CVE-1999-1538

Tags

Missing Update Known Vulnerabilities