Information Disclosure Vulnerability in Index Server 2.0 by Microsoft
CVE-1999-1397

Currently unrated

Key Information:

Vendor: Microsoft
Status: Index Server
Vendor: CVE Published:; 23 March 1999

Summary

The Index Server 2.0 on IIS 4.0 contains a vulnerability where the physical path information of indexed directories is stored in the ContentIndex\Catalogs subkey of the AllowedPaths registry key. This configuration inadvertently permits both local and remote users to access sensitive directory paths. This exposure can lead to further exploitation, as attackers might use this information to gain unauthorized access to files and resources on the server.

References

http://www.iss.net/security_center/static/7559.php

vdb-entryx_refsource_XF

http://marc.info/?l=bugtraq&m=92242671024118&w=2

mailing-listx_refsource_BUGTRAQ

http://marc.info/?l=ntbugtraq&m=92223293409756&w=2

mailing-listx_refsource_NTBUGTRAQ

Timeline

Vulnerability Reserved
Aug 31, 2001
Vulnerability published
Mar 23, 1999