Vulnerability Description
Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Index Server | 2.0 |
References
- http://marc.info/?l=bugtraq&m=92242671024118&w=2
- http://marc.info/?l=ntbugtraq&m=92223293409756&w=2
- http://www.iss.net/security_center/static/7559.php
- http://www.securityfocus.com/bid/476
- http://marc.info/?l=bugtraq&m=92242671024118&w=2
- http://marc.info/?l=ntbugtraq&m=92223293409756&w=2
- http://www.iss.net/security_center/static/7559.php
- http://www.securityfocus.com/bid/476
FAQ
What is CVE-1999-1397?
CVE-1999-1397 is a vulnerability with a CVSS score of 7.5 (HIGH). Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physica...
How severe is CVE-1999-1397?
CVE-1999-1397 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-1999-1397?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Index Server.