| Vulnerability Name: | CVE-1999-1591 (CCN-1735) | ||||||||
| Assigned: | 1999-01-18 | ||||||||
| Published: | 1999-01-18 | ||||||||
| Updated: | 2008-09-05 | ||||||||
| Summary: | Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0. | ||||||||
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.1 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:UR)
4.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:UR)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||
| References: | Source: CCN Type: NTBugTraq Mailing List, Mon, 18 Jan 1999 11:58:06 -0800 IIS4.0 and Visual Interdev Source: NTBUGTRAQ Type: UNKNOWN 19990118 IIS4.0 and Visual Interdev Source: CCN Type: NTBugTraq Mailing List, Tue, 19 Jan 1999 13:08:38 -0500 Re: IIS4.0 and Visual Interdev Source: NTBUGTRAQ Type: UNKNOWN 19990119 Re: IIS4.0 and Visual Interdev Source: MITRE Type: CNA CVE-1999-1591 Source: CCN Type: OSVDB ID: 45583 Microsoft IIS w/ Visual Interdev Unspecified Authentication Bypass Source: BID Type: UNKNOWN 190 Source: CCN Type: BID-190 Microsoft VisualInterDev 6.0 - IIS4- Management With No Authentication Vulnerability Source: XF Type: UNKNOWN iis-interdev-no-authentication(1735) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||