CVE-1999-0386
published 1999-03-01CVE-1999-0386: Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a…
PriorityP427medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
19.10%
97.0th percentile
Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | personal_web_server | — | — |
Detection & IOCsextracted from sources · hover to see the quote
snort
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"GPL WEB_SERVER authors.pwd access"; flow:established,to_server; http.uri; content:"/authors.pwd"; nocase; reference:bugtraq,989; reference:cve,1999-0386; reference:nessus,10078; classtype:web-application-activity; sid:2100951; rev:15; metadata:created_at 2010_09_23, cve CVE_1999_0386, signature_severity Unknown, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
- →Detect directory traversal attempts using the '/..../' pattern (four dots) in HTTP request URIs targeting Microsoft Personal Web Server / FrontPage Personal Web Server. ↗
- →Monitor HTTP requests for access to 'authors.pwd', a FrontPage credential file that becomes readable via the traversal vulnerability. ↗
- →Hidden files are accessible via this traversal method; inspect HTTP logs for nonstandard URL patterns containing four-dot sequences ('....') combined with directory/file paths. ↗
- ·Only Windows 9x (Win95/98) versions of Microsoft Personal Web Server and FrontPage Personal Web Server are vulnerable; Windows NT versions are NOT affected. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
GPL WEB_SERVER authors.pwd access
suricata·2010-09-23
CVE-1999-0386 GPL WEB_SERVER authors.pwd access
GPL WEB_SERVER authors.pwd access
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"GPL WEB_SERVER authors.pwd access"; flow:established,to_server; http.uri; content:"/authors.pwd"; nocase; reference:bugtraq,989; reference:cve,1999-0386; reference:nessus,10078; classtype:web-application-activity; sid:2100951; rev:15; metadata:created_at 2010_09_23, cve CVE_1999_0386, signature_severity Unknown, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
No writeups or analysis indexed.
1999-03-01
Published