CVE-1999-1397
First published: Tue Mar 23 1999(Updated: )
Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Index Server | =2.0 | |
| =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-1999-1397?
CVE-1999-1397 is classified as a medium severity vulnerability.
How do I fix CVE-1999-1397?
To mitigate CVE-1999-1397, you should restrict permissions on the AllowedPaths registry key.
What systems are affected by CVE-1999-1397?
CVE-1999-1397 affects Microsoft Index Server 2.0 running on IIS 4.0.
What type of information is exposed by CVE-1999-1397?
CVE-1999-1397 exposes the physical path information of directories being indexed.
Can both local and remote users exploit CVE-1999-1397?
Yes, both local and remote users can exploit CVE-1999-1397 due to improper permissions.
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/tags
- agent/source
- vendor/microsoft
- canonical/microsoft index server
- version/microsoft index server/2.0