ID

VAR-199906-0005


CVE

CVE-1999-1412


TITLE

Apple MacOS Security hole

Trust: 0.6

sources: CNNVD: CNNVD-199906-009

DESCRIPTION

A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes. A vulnerability in the MacOS X Server may crash it while under heavy load. The vulnerability appears while stress testing a server running the Apache web server and 32 or more process are concurntly doing HTTP GET request to a CGI script in a loop. The system will panic and display a stack trace with ipc_task_init. Although the vulnerability is not related to web servering it can only be reproduced so far using this means

Trust: 1.26

sources: NVD: CVE-1999-1412 // BID: 306 // VULHUB: VHN-1393

AFFECTED PRODUCTS

vendor:applemodel:macosscope:eqversion:1.0

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion: -

Trust: 1.0

vendor:apachemodel:http serverscope: - version: -

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.0

Trust: 0.3

sources: BID: 306 // CNNVD: CNNVD-199906-009 // NVD: CVE-1999-1412

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-1412
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-199906-009
value: CRITICAL

Trust: 0.6

VULHUB: VHN-1393
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-1999-1412
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-1393
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-1393 // CNNVD: CNNVD-199906-009 // NVD: CVE-1999-1412

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-1999-1412

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199906-009

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-199906-009

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-1393

EXTERNAL IDS

db:NVDid:CVE-1999-1412

Trust: 2.0

db:BIDid:306

Trust: 2.0

db:CNNVDid:CNNVD-199906-009

Trust: 0.7

db:EXPLOIT-DBid:19244

Trust: 0.1

db:VULHUBid:VHN-1393

Trust: 0.1

sources: VULHUB: VHN-1393 // BID: 306 // CNNVD: CNNVD-199906-009 // NVD: CVE-1999-1412

REFERENCES

url:http://www.securityfocus.com/bid/306

Trust: 2.7

url:http://www.securityfocus.com/archive/1/14215

Trust: 2.7

url:http://www.heise.de/ct/english/99/13/186/

Trust: 0.3

sources: VULHUB: VHN-1393 // BID: 306 // CNNVD: CNNVD-199906-009 // NVD: CVE-1999-1412

CREDITS

1999 by Iain Collins <icollins@scotland.net>., 1999 by Juergen Schmidt <ju@ct.heise.de>. Solution pointed out to SecurityFocus on July 21,This vulnerability was published in the BUGTRAQ mailing list on June 3

Trust: 0.6

sources: CNNVD: CNNVD-199906-009

SOURCES

db:VULHUBid:VHN-1393
db:BIDid:306
db:CNNVDid:CNNVD-199906-009
db:NVDid:CVE-1999-1412

LAST UPDATE DATE

2024-11-22T22:54:55.365000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-1393date:2008-09-05T00:00:00
db:BIDid:306date:2009-07-11T00:16:00
db:CNNVDid:CNNVD-199906-009date:2021-04-22T00:00:00
db:NVDid:CVE-1999-1412date:2024-11-20T23:31:03.220

SOURCES RELEASE DATE

db:VULHUBid:VHN-1393date:1999-06-03T00:00:00
db:BIDid:306date:1999-06-03T00:00:00
db:CNNVDid:CNNVD-199906-009date:1999-06-03T00:00:00
db:NVDid:CVE-1999-1412date:1999-06-03T04:00:00