CVE-1999-0407

Description

By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.

Affected products

• Microsoft / internet_information_server4.0 – 4.0

References

• MAILING_LISThttp://marc.info/?l=bugtraq&m=91983486431506&w=2
• MAILING_LISThttp://marc.info/?l=bugtraq&m=92000623021036&w=2