CVE-1999-1591

Published: Dec 31, 1999Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0.

Affected (2)

Products: Microsoft: Internet Information Server, Visual Interdev

2 products

Internet Information Server

Visual Interdev

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Information Server	Version 4.0 sp4
Microsoft Visual Interdev	Version 6.0

References (6)

http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00276.html

Source: cve@mitre.org

http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00277.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/190

Source: cve@mitre.org

http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00276.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00277.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/190

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.