CVE-1999-1246 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Microsoft	Site Server	3.0

References

http://support.microsoft.com/support/kb/articles/Q229/9/72.aspPatchVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/2068
http://support.microsoft.com/support/kb/articles/Q229/9/72.aspPatchVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/2068

FAQ

What is CVE-1999-1246?

CVE-1999-1246 is a vulnerability with a CVSS score of 7.5 (HIGH). Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers ...

How severe is CVE-1999-1246?

CVE-1999-1246 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-1999-1246?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Site Server.