CVE-1999-1591Microsoft Internet Information Server vulnerability

3 documents3 sources
Severity
7.5HIGHNVD
EPSS
12.5%
top 6.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Internet Information ServerMicrosoft Visual Interdev
Timeline
PublishedDec 31
Latest updateApr 30

Description

Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-x4j4-xc7j-8rv5: Microsoft Internet Information Services (IIS) server 42022-04-30
CVEList
CVE-1999-1591: Microsoft Internet Information Services (IIS) server 42007-07-05
CVE-1999-1591 — Microsoft vulnerability | cvebase