← CVECheck
HomeVulnerabilities

CVE-1999-1397 — HIGH severity vulnerability (Index Server 2.0 on IIS 4.0 stores physical path information)

Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed.

CVE IDCVE-1999-1397
SeverityHIGH
CVSS score7.5
CVSS vectorAV:N/AC:L/Au:N/C:P/I:P/A:P
CWENVD-CWE-Other
StatusModified
Published1999-03-23
Last modified2026-04-16
DescriptionIndex Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →