CVE-1999-0386
published 1999-03-01

Priority: P4 27
CVSS 2.0: 5 (medium), vector AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 19.10% (97.0th percentile)
Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL.

Affected

1 range
Vendor | Product | Version range | Fixed in
microsoft | personal_web_server | |

Detection & IOCs (extracted from sources)

path: /authors.pwd
snort:
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"GPL WEB_SERVER authors.pwd access"; flow:established,to_server; http.uri; content:"/authors.pwd"; nocase; reference:bugtraq,989; reference:cve,1999-0386; reference:nessus,10078; classtype:web-application-activity; sid:2100951; rev:15; metadata:created_at 2010_09_23, cve CVE_1999_0386, signature_severity Unknown, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
  • Detect directory traversal attempts using the '/..../' pattern (four dots) in HTTP request URIs targeting Microsoft Personal Web Server / FrontPage Personal Web Server.
  • Monitor HTTP requests for access to 'authors.pwd', a FrontPage credential file that becomes readable via the traversal vulnerability.
  • Hidden files are accessible via this traversal method; inspect HTTP logs for nonstandard URL patterns containing four-dot sequences ('....') combined with directory/file paths.
  • Only Windows 9x (Win95/98) versions of Microsoft Personal Web Server and FrontPage Personal Web Server are vulnerable; Windows NT versions are NOT affected.
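
The log checks in the detection notes above, as an added example (not code from this page or from any vendor): a Python scan of web access logs for a four-dot path segment and for requests to authors.pwd. The Common Log Format input, the sample lines and the function names are assumptions, and the percent-decoding step goes slightly beyond the literal patterns listed on the page.

```python
import re
from urllib.parse import unquote

# Request line inside a Common Log Format entry: "METHOD URI PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')
# A path segment made of exactly four dots ('/..../'), as described on the page.
FOUR_DOTS_RE = re.compile(r'(?:^|/)\.{4}(?:/|$)')


def classify_uri(uri):
    """Return the findings for one request URI (empty list if clean)."""
    # Drop query string and fragment, then decode percent-encoding once so
    # %2e%2e%2e%2e and mixed-case AUTHORS.PWD are not missed.
    path = unquote(uri.split("?", 1)[0].split("#", 1)[0]).lower()
    findings = []
    if FOUR_DOTS_RE.search(path):
        findings.append("four-dot-traversal")
    # Same substring as the rule's content match, compared case-insensitively.
    if "/authors.pwd" in path:
        findings.append("authors.pwd-access")
    return findings


def scan(lines):
    """Yield (client_ip, uri, findings) for every suspicious log line."""
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # malformed line or not an HTTP request entry
        findings = classify_uri(m.group("uri"))
        if findings:
            yield line.split(" ", 1)[0], m.group("uri"), findings


# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/1999:10:00:00 +0000] "GET /index.htm HTTP/1.0" 200 1043',
    '198.51.100.7 - - [01/Mar/1999:10:00:05 +0000] "GET /..../dir/file.txt HTTP/1.0" 200 512',
    '198.51.100.7 - - [01/Mar/1999:10:00:09 +0000] "GET /authors.pwd HTTP/1.0" 200 97',
    '203.0.113.4 - - [01/Mar/1999:10:01:00 +0000] "GET /%2e%2e%2e%2e/dir/AUTHORS.PWD HTTP/1.0" 404 0',
    '192.0.2.10 - - [01/Mar/1999:10:02:00 +0000] "GET /docs/.../notes.htm HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for ip, uri, findings in scan(SAMPLE_LOG):
        print(f"{ip} {uri} -> {', '.join(findings)}")
```

A hit on a Windows NT host is still worth reviewing as probing, even though the notes above say only the Windows 9x builds are vulnerable.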