CVE-1999-1538

Published: 14/01/1999 Updated: 18/10/2016
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 215
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.

Vulnerable Product

microsoft internet information server 4.0

Exploits

source: www.securityfocus.com/bid/189/info

Web-based administration for IIS 4.0 is, by default, limited to the local loopback address, 127.0.0.1. In instances where IIS 4.0 was installed as an upgrade to IIS 2.0 or 3.0, a legacy ISAPI DLL (ISM.DLL) is left in the /scripts/iisadmin directory. An attacker may call this DLL via the following sy ...