Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-1520 — Microsoft Site Server vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

43.0%

top 2.51%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Site Server

Timeline

PublishedMay 11

Latest updateApr 30

Description

A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes sensitive SQL database information.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/site_server3.0

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-35r7-w24m-px2g: A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3↗2022-04-30

▶

CVEList

CVE-1999-1520: A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3↗2004-09-01

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Site Server Commerce Edition 3.0 alpha - AdSamples Sensitive Information↗1999-05-11

▶