← CVECheck
HomeVulnerabilities

CVE-1999-1538 — LOW severity vulnerability (When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertent)

When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.

CVE IDCVE-1999-1538
SeverityLOW
CVSS score2.1
CVSS vectorAV:L/AC:L/Au:N/C:P/I:N/A:N
CWENVD-CWE-Other
StatusModified
Published1999-01-14
Last modified2026-04-16
DescriptionWhen IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →