ID

VAR-199901-0162


CVE

CVE-1999-0449


TITLE

Microsoft IIS of ExAir Service disruption at the sample site (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-1999-000002

DESCRIPTION

The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts. An IIS4 sample site "ExAir" has three ASP pages, that if called directly without having the sample site dlls running, will cause the server CPU to increase to 100%. These pages include: Exair - root/search/advsearch.asp Exair - root/search/query.asp Exair -root/search/search.asp

Trust: 1.89

sources: NVD: CVE-1999-0449 // JVNDB: JVNDB-1999-000002 // BID: 193

AFFECTED PRODUCTS

vendor:microsoftmodel:internet information serverscope:eqversion:4.0

Trust: 1.6

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 1.1

sources: BID: 193 // JVNDB: JVNDB-1999-000002 // CNNVD: CNNVD-199901-052 // NVD: CVE-1999-0449

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-0449
value: HIGH

Trust: 1.0

NVD: CVE-1999-0449
value: HIGH

Trust: 0.8

CNNVD: CNNVD-199901-052
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-1999-0449
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-1999-000002 // CNNVD: CNNVD-199901-052 // NVD: CVE-1999-0449

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-0449

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199901-052

TYPE

Unknown

Trust: 0.9

sources: BID: 193 // CNNVD: CNNVD-199901-052

CONFIGURATIONS

sources: JVNDB: JVNDB-1999-000002

PATCH

title:Top Pageurl:http://www.microsoft.com/ja/jp/default.aspx

Trust: 0.8

sources: JVNDB: JVNDB-1999-000002

EXTERNAL IDS

db:BIDid:193

Trust: 2.7

db:NVDid:CVE-1999-0449

Trust: 2.4

db:OSVDBid:3

Trust: 1.6

db:OSVDBid:2

Trust: 1.6

db:OSVDBid:4

Trust: 1.6

db:JVNDBid:JVNDB-1999-000002

Trust: 0.8

db:CNNVDid:CNNVD-199901-052

Trust: 0.6

sources: BID: 193 // JVNDB: JVNDB-1999-000002 // CNNVD: CNNVD-199901-052 // NVD: CVE-1999-0449

REFERENCES

url:http://www.securityfocus.com/bid/193

Trust: 3.4

url:http://www.osvdb.org/4

Trust: 2.6

url:http://www.osvdb.org/3

Trust: 2.6

url:http://www.osvdb.org/2

Trust: 2.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-1999-0449

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-1999-0449

Trust: 0.8

sources: JVNDB: JVNDB-1999-000002 // CNNVD: CNNVD-199901-052 // NVD: CVE-1999-0449

CREDITS

David Litchfield※ david@nextgenss.com

Trust: 0.6

sources: CNNVD: CNNVD-199901-052

SOURCES

db:BIDid:193
db:JVNDBid:JVNDB-1999-000002
db:CNNVDid:CNNVD-199901-052
db:NVDid:CVE-1999-0449

LAST UPDATE DATE

2024-11-22T23:07:03.700000+00:00


SOURCES UPDATE DATE

db:BIDid:193date:1999-01-26T00:00:00
db:JVNDBid:JVNDB-1999-000002date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-199901-052date:2006-11-16T00:00:00
db:NVDid:CVE-1999-0449date:2024-11-20T23:28:45.850

SOURCES RELEASE DATE

db:BIDid:193date:1999-01-26T00:00:00
db:JVNDBid:JVNDB-1999-000002date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-199901-052date:1999-01-26T00:00:00
db:NVDid:CVE-1999-0449date:1999-01-26T05:00:00