Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-1999-1397


Vulnerability Score 7.5 7.5
CVE Id CVE-1999-1397
Last Modified 10 Sep 2008 03:01:51
Published 23 Mar 1999 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed.

Vulnerable Systems


  • Microsoft Index Server 2.0


BUGTRAQ - 19990323 Index Server 2.0 and the Registry

BID - 476

XF - iis-indexserver-reveal-path(7559)

Last Updated: 27 May 2016 10:35:24