CVE-1999-0407Improper Control of Interaction Frequency in Microsoft Internet Information Server

5 documents4 sources
Severity
10.0CRITICALNVD
EPSS
29.6%
top 3.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Internet Information Server
Timeline
PublishedFeb 9
Latest updateApr 30

Description

By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-h954-xhrf-5v4c: By default, IIS 42022-04-30
CVEList
CVE-1999-0407: By default, IIS 42000-06-02

🔍Detection Rules

2
Suricata
GPL EXPLOIT iisadmpwd attempt2010-09-23
Suricata
GPL EXPLOIT /iisadmpwd/aexp2.htr access2010-09-23
CVE-1999-0407 — Microsoft vulnerability | cvebase