CVE Catalog

CVE-1999-1538

Low
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Very high risk
25.46%

98th percentile — higher than 98% of all known CVEs

Summary

When upgrading from IIS 2 or 3 to IIS 4, the ism.dll file is left in the /scripts/iisadmin directory, which does not restrict access to the local machine. This allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.

Risk Assessment

The organization is exposed to unauthorized access to critical data, which can lead to serious security breaches and loss of confidentiality of information.

Recommendation

It is recommended to remove the ism.dll file from the /scripts/iisadmin directory and implement appropriate access security measures.

Original NVD description (English source)

When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS