CVE-1999-0407

CVSS 2.0 Score 10 of 10 (high)

Details

Published Feb 9, 1999

Updated: Nov 20, 2024

Summary

CVE-1999-0407 is a vulnerability affecting IIS 4.0 servers. By default, these servers include a virtual directory named "/IISADMPWD." This directory contains files that can be exploited for brute force password attacks or used to identify valid users on the system. An attacker can send specific HTTP requests to this directory to gain unauthorized access to the server. The presence of this directory poses a significant security risk, and it is recommended that administrators remove or secure it to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Microsoft IIS

Affected Vendors

Microsoft

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/Lb5frA
https://www.cve.org/CVERecord?id=CVE-1999-0407
https://nvd.nist.gov/vuln/detail/CVE-1999-0407

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

US Violent Extremists Likely Shifting Focus to Targeted Physical Threats in 2025

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Threats to the 2025 NATO Summit

Know What Matters

For Customers

For Partners