CVE-1999-1591

Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0.

Published: Dec 31, 1999
Updated: Apr 13, 2023
CVE: CVE-1999-1591
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / visual_interdev	6.0	6.0.x
microsoft / internet_information_server	4.0-sp4	4.0-sp4.x

http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00276.html
http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00277.html
http://www.securityfocus.com/bid/190

Vulnerability Database

289,697

CVE-1999-1591