CVE-1999-0407
CVSS 2.0 Score 10.0 of 10 (high)
Details
Summary
CVE-1999-0407 is a vulnerability affecting IIS 4.0. By default, this version of IIS includes a virtual directory named "/IISADMPWD." Hackers can exploit this directory to launch brute force attacks or identify valid usernames on the system by accessing files contained within. These files can be used as proxies to gain unauthorized access to the system. This vulnerability is significant as it exposes sensitive information and provides an avenue for potential attacks. To mitigate this risk, administrators should immediately remove the "/IISADMPWD" virtual directory or restrict access to it.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Microsoft IIS
Affected Vendors
- Microsoft