Details of VAR-199912-0172

ID

VAR-199912-0172

CVE

CVE-1999-1591

TITLE

Microsoft VisualInterDev 6.0 - IIS4 No authentication management vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-199912-112

DESCRIPTION

Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0. Microsoft Visual InterDev 6.0 client is prone to vulnerability that permits attackers to gain unauthorized access to the affected application. Reportedly, a Visual InterDev 6.0 client may be able to connect to an IIS4 Web Server and manage the website without requiring any user auhentication. This issue may be associated with security permissions applied by FrontPage tools. It is unclear exactly what is allowing this to happen or under what combination of Service Pack / hotfix this may occur

Trust: 1.17

sources: NVD: CVE-1999-1591 // BID: 190

AFFECTED PRODUCTS

vendor:	microsoft	model:	internet information server	scope:	eq	version:	4.0	Trust: 1.6
vendor:	microsoft	model:	visual interdev	scope:	eq	version:	6.0	Trust: 1.6
vendor:	microsoft	model:	iis	scope:	eq	version:	4.0	Trust: 0.3

sources: BID: 190 // CNNVD: CNNVD-199912-112 // NVD: CVE-1999-1591

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-1999-1591
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-199912-112
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-1999-1591
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-199912-112 // NVD: CVE-1999-1591

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-1591

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199912-112

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-199912-112

EXTERNAL IDS

db:	BID	id:	190	Trust: 1.9
db:	NVD	id:	CVE-1999-1591	Trust: 1.6
db:	NTBUGTRAQ	id:	19990118 IIS4.0 AND VISUAL INTERDEV	Trust: 0.6
db:	NTBUGTRAQ	id:	19990119 RE: IIS4.0 AND VISUAL INTERDEV	Trust: 0.6
db:	CNNVD	id:	CNNVD-199912-112	Trust: 0.6

sources: BID: 190 // CNNVD: CNNVD-199912-112 // NVD: CVE-1999-1591

REFERENCES

url:	http://www.securityfocus.com/bid/190	Trust: 1.6
url:	http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00277.html	Trust: 1.6
url:	http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00276.html	Trust: 1.6

sources: CNNVD: CNNVD-199912-112 // NVD: CVE-1999-1591

CREDITS

This vulnerability was first identified and posted to NTBugtraq by Adam Berns. Follow-up research has been posted by:Charlie Roberts, Christopher Timmons, Randy Walker, and Jesper M. Johansson.

Trust: 0.9

sources: BID: 190 // CNNVD: CNNVD-199912-112

SOURCES

db:	BID	id:	190
db:	CNNVD	id:	CNNVD-199912-112
db:	NVD	id:	CVE-1999-1591

LAST UPDATE DATE

2024-08-14T15:25:52.857000+00:00

SOURCES UPDATE DATE

db:	BID	id:	190	date:	2007-07-12T18:07:00
db:	CNNVD	id:	CNNVD-199912-112	date:	2007-08-01T00:00:00
db:	NVD	id:	CVE-1999-1591	date:	2008-09-05T20:19:53.507

SOURCES RELEASE DATE

db:	BID	id:	190	date:	1999-01-18T00:00:00
db:	CNNVD	id:	CNNVD-199912-112	date:	1999-12-31T00:00:00
db:	NVD	id:	CVE-1999-1591	date:	1999-12-31T05:00:00