cbcvebase.
CVE-1999-1591
published 1999-12-31

CVE-1999-1591: Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under…

PriorityP337high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
11.27%
95.4th percentile
Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0.

Affected

2 ranges
VendorProductVersion rangeFixed in
microsoftinternet_information_server
microsoftvisual_interdev
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.