Lucene search

[email protected]CVE-1999-1397

HistoryMar 23, 1999 - 5:00 a.m.

CVE-1999-1397

1999-03-2305:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-1999-1397

iis 4.0

index server 2.0

nvd

allowedpaths

registry key

path exposure.

6.7 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.025 Low

EPSS

Percentile

89.9%

JSON

Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed.

CPENameOperatorVersion
microsoft:index_servermicrosoft index servereq2.0

CPE	Name	Operator	Version
microsoft:index_server	microsoft index server	eq	2.0

References

marc.info/?l=bugtraq&m=92242671024118&w=2

marc.info/?l=ntbugtraq&m=92223293409756&w=2

www.iss.net/security_center/static/7559.php

www.securityfocus.com/bid/476

6.7 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.025 Low

EPSS

Percentile

89.9%

JSON