CVE-1999-1397

3 documents3 sources

Severity

7.5HIGH

EPSS

2.6%

top 14.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Index Server

Timeline

PublishedMar 23

Latest updateApr 30

Description

Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/index_server2.0

🔴Vulnerability Details

GHSA

GHSA-vvqj-w228-7466: Index Server 2↗2022-04-30

▶

CVEList

CVE-1999-1397: Index Server 2↗2004-09-01

▶