GEN:SID 1:1487
Message WEB-IIS /iisadmpwd/aexp2.htr access
Summary This event is generated when an attempt is made to request an HTTP-based password change.
Impact Information gathering/remote access.  Error messages from failed password changes can indicate whether a given account exists on the server.  Successful password changes can allow remote access to the server.
Detailed Information Microsoft Internet Information Services (IIS) Version 4 supplies a feature to allow users to make remote password changes.  The iisadmpwd directory has several .HTR files that are used to implement the password changes.  An attacker can request a change and use a returned form to supply an account name, existing password, and new password either to brute force changes or discover whether a specific account name exist.
Affected Systems Microsoft IIS 4.0
Attack Scenarios An attacker can request password changes to discover existing accounts or brute force password changes.
Ease of Attack Simple.
Corrective Action Remove the IISADMPWD virtual directory to disable remote password changes.

Consider running the IIS Lockdown Tool to disable HTR functionality.
Additional References CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0407

Bugtraq
http://www.securityfocus.com/bid/2110
Rule References bugtraq: 2110
bugtraq: 4236
cve: 1999-0407
cve: 2002-0421
nessus: 10371