Details of VAR-199901-0162

ID

VAR-199901-0162

CVE

CVE-1999-0449

TITLE

Microsoft IIS of ExAir Service disruption at the sample site (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-1999-000002

DESCRIPTION

The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts. An IIS4 sample site "ExAir" has three ASP pages, that if called directly without having the sample site dlls running, will cause the server CPU to increase to 100%. These pages include: Exair - root/search/advsearch.asp Exair - root/search/query.asp Exair -root/search/search.asp

Trust: 1.89

sources: NVD: CVE-1999-0449 // JVNDB: JVNDB-1999-000002 // BID: 193

AFFECTED PRODUCTS

vendor:	microsoft	model:	internet information server	scope:	eq	version:	4.0	Trust: 1.6
vendor:	microsoft	model:	iis	scope:	eq	version:	4.0	Trust: 1.1

sources: BID: 193 // JVNDB: JVNDB-1999-000002 // CNNVD: CNNVD-199901-052 // NVD: CVE-1999-0449

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-1999-0449
value:	HIGH
Trust: 1.0
NVD:	CVE-1999-0449
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-199901-052
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-1999-0449
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-1999-000002 // CNNVD: CNNVD-199901-052 // NVD: CVE-1999-0449

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-0449

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199901-052

TYPE

Unknown

Trust: 0.9

sources: BID: 193 // CNNVD: CNNVD-199901-052

CONFIGURATIONS

sources: JVNDB: JVNDB-1999-000002

PATCH

title:

Top Page

url:

http://www.microsoft.com/ja/jp/default.aspx

Trust: 0.8

sources: JVNDB: JVNDB-1999-000002

EXTERNAL IDS

db:	BID	id:	193	Trust: 2.7
db:	NVD	id:	CVE-1999-0449	Trust: 2.4
db:	OSVDB	id:	3	Trust: 1.6
db:	OSVDB	id:	2	Trust: 1.6
db:	OSVDB	id:	4	Trust: 1.6
db:	JVNDB	id:	JVNDB-1999-000002	Trust: 0.8
db:	CNNVD	id:	CNNVD-199901-052	Trust: 0.6

sources: BID: 193 // JVNDB: JVNDB-1999-000002 // CNNVD: CNNVD-199901-052 // NVD: CVE-1999-0449

REFERENCES

url:	http://www.securityfocus.com/bid/193	Trust: 2.4
url:	http://www.osvdb.org/4	Trust: 1.6
url:	http://www.osvdb.org/3	Trust: 1.6
url:	http://www.osvdb.org/2	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-1999-0449	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-1999-0449	Trust: 0.8

sources: JVNDB: JVNDB-1999-000002 // CNNVD: CNNVD-199901-052 // NVD: CVE-1999-0449

CREDITS

David Litchfield※ david@nextgenss.com

Trust: 0.6

sources: CNNVD: CNNVD-199901-052

SOURCES

db:	BID	id:	193
db:	JVNDB	id:	JVNDB-1999-000002
db:	CNNVD	id:	CNNVD-199901-052
db:	NVD	id:	CVE-1999-0449

LAST UPDATE DATE

2024-08-14T14:59:36.543000+00:00

SOURCES UPDATE DATE

db:	BID	id:	193	date:	1999-01-26T00:00:00
db:	JVNDB	id:	JVNDB-1999-000002	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-199901-052	date:	2006-11-16T00:00:00
db:	NVD	id:	CVE-1999-0449	date:	2008-09-09T12:34:33.040

SOURCES RELEASE DATE

db:	BID	id:	193	date:	1999-01-26T00:00:00
db:	JVNDB	id:	JVNDB-1999-000002	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-199901-052	date:	1999-01-26T00:00:00
db:	NVD	id:	CVE-1999-0449	date:	1999-01-26T05:00:00