Inadvertent Exposure of Sensitive Server Information in IIS 4 Upgrade

Inadvertent Exposure of Sensitive Server Information in IIS 4 Upgrade

CVE-1999-1538 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.

Learn more about our Cis Benchmark Audit For Microsoft Iis.