ID

VAR-199912-0172


CVE

CVE-1999-1591


TITLE

Microsoft VisualInterDev 6.0 - IIS4 No authentication management vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-199912-112

DESCRIPTION

Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0. Microsoft Visual InterDev 6.0 client is prone to vulnerability that permits attackers to gain unauthorized access to the affected application. Reportedly, a Visual InterDev 6.0 client may be able to connect to an IIS4 Web Server and manage the website without requiring any user auhentication. This issue may be associated with security permissions applied by FrontPage tools. It is unclear exactly what is allowing this to happen or under what combination of Service Pack / hotfix this may occur

Trust: 1.17

sources: NVD: CVE-1999-1591 // BID: 190

AFFECTED PRODUCTS

vendor:microsoftmodel:internet information serverscope:eqversion:4.0

Trust: 1.6

vendor:microsoftmodel:visual interdevscope:eqversion:6.0

Trust: 1.6

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 0.3

sources: BID: 190 // CNNVD: CNNVD-199912-112 // NVD: CVE-1999-1591

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-1591
value: HIGH

Trust: 1.0

CNNVD: CNNVD-199912-112
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-1999-1591
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

sources: CNNVD: CNNVD-199912-112 // NVD: CVE-1999-1591

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-1591

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199912-112

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-199912-112

EXTERNAL IDS

db:BIDid:190

Trust: 1.9

db:NVDid:CVE-1999-1591

Trust: 1.6

db:NTBUGTRAQid:19990118 IIS4.0 AND VISUAL INTERDEV

Trust: 0.6

db:NTBUGTRAQid:19990119 RE: IIS4.0 AND VISUAL INTERDEV

Trust: 0.6

db:CNNVDid:CNNVD-199912-112

Trust: 0.6

sources: BID: 190 // CNNVD: CNNVD-199912-112 // NVD: CVE-1999-1591

REFERENCES

url:http://www.securityfocus.com/bid/190

Trust: 2.6

url:http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00277.html

Trust: 2.6

url:http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00276.html

Trust: 2.6

sources: CNNVD: CNNVD-199912-112 // NVD: CVE-1999-1591

CREDITS

This vulnerability was first identified and posted to NTBugtraq by Adam Berns. Follow-up research has been posted by:Charlie Roberts, Christopher Timmons, Randy Walker, and Jesper M. Johansson.

Trust: 0.9

sources: BID: 190 // CNNVD: CNNVD-199912-112

SOURCES

db:BIDid:190
db:CNNVDid:CNNVD-199912-112
db:NVDid:CVE-1999-1591

LAST UPDATE DATE

2024-11-22T23:05:58.737000+00:00


SOURCES UPDATE DATE

db:BIDid:190date:2007-07-12T18:07:00
db:CNNVDid:CNNVD-199912-112date:2007-08-01T00:00:00
db:NVDid:CVE-1999-1591date:2024-11-20T23:31:29.217

SOURCES RELEASE DATE

db:BIDid:190date:1999-01-18T00:00:00
db:CNNVDid:CNNVD-199912-112date:1999-12-31T00:00:00
db:NVDid:CVE-1999-1591date:1999-12-31T05:00:00