GEN:SID 1:1018
Message WEB-IIS iisadmpwd attempt
Summary This event is generated when an attempt is made to request an HTTP-based password change.
Impact Information gathering/remote access.  Error messages from failed password changes can indicate whether a given account exists on the server.  Successful password changes can allow remote access to the server.
Detailed Information Microsoft Internet Information Services (IIS) version 4 supplies a feature to allow users to make remote password changes.  The iisadmpwd directory has several .HTR files that are used to implement the password changes.  An attacker can request a change and use a returned form to supply an account name, existing password, and new password either to attempt brute force changes or to discover whether a specific account name exist.
Affected Systems Microsoft IIS 4.0
Attack Scenarios An attacker can request password changes to discover existing accounts or attempt brute force password changes.
Ease of Attack Simple.
Corrective Action Remove the IISADMPWD virtual directory to disable remote password changes.

Consider running the IIS Lockdown Tool to disable HTR functionality.
Additional References CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0407

Bugtraq
http://www.securityfocus.com/bid/2110

Rule References bugtraq: 1191
bugtraq: 2110
cve: 2000-0304