CVE-1999-1397

Published: Mar 23, 1999Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed.

Affected (1)

Products: Microsoft: Index Server

Microsoft

1 product

Index Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Index Server	Version 2.0

References (8)

http://marc.info/?l=bugtraq&m=92242671024118&w=2

Source: cve@mitre.org

http://marc.info/?l=ntbugtraq&m=92223293409756&w=2

Source: cve@mitre.org

http://www.iss.net/security_center/static/7559.php

Source: cve@mitre.org

http://www.securityfocus.com/bid/476

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=92242671024118&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=ntbugtraq&m=92223293409756&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.iss.net/security_center/static/7559.php

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/476

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.