CVE-1999-1397

Published Mar 23, 1999

Last updated 8 years ago

Overview

Description: Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:index_server:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D56759FD-DE03-4E90-8688-B6A49AA24F25"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References