Configuration Issue in Microsoft Site Server 3.0 Exposes Sensitive Database Information
CVE-1999-1520

Currently unrated

Key Information:

Vendor: Microsoft
Status: Site Server
Vendor: CVE Published:; 11 May 1999

Summary

A vulnerability occurs in Microsoft Site Server 3.0 due to a misconfiguration in the Ad Server Sample directory (AdSamples). This flaw allows attackers to access the SITE.CSC file, which may contain sensitive information pertaining to SQL databases, including identifiers and passwords. This exposure can lead to unauthorized access and various security risks. Organizations using Microsoft Site Server 3.0 should take measures to rectify this configuration issue to prevent potential data breaches.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/2270

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/256

vdb-entryx_refsource_BID

http://marc.info/?l=bugtraq&m=92647407227303&w=2

mailing-listx_refsource_BUGTRAQ

EPSS Score

39% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Aug 31, 2001
Vulnerability published
May 11, 1999