Details of VAR-199906-0005

ID

VAR-199906-0005

CVE

CVE-1999-1412

TITLE

Apple MacOS Security hole

Trust: 0.6

sources: CNNVD: CNNVD-199906-009

DESCRIPTION

A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes. A vulnerability in the MacOS X Server may crash it while under heavy load. The vulnerability appears while stress testing a server running the Apache web server and 32 or more process are concurntly doing HTTP GET request to a CGI script in a loop. The system will panic and display a stack trace with ipc_task_init. Although the vulnerability is not related to web servering it can only be reproduced so far using this means

Trust: 1.26

sources: NVD: CVE-1999-1412 // BID: 306 // VULHUB: VHN-1393

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	eq	version:	1.0	Trust: 1.0
vendor:	apache	model:	http server	scope:	eq	version:	-	Trust: 1.0
vendor:	apache	model:	http server	scope:	-	version:	-	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.0	Trust: 0.3

sources: BID: 306 // CNNVD: CNNVD-199906-009 // NVD: CVE-1999-1412

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-1999-1412
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-199906-009
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-1393
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-1999-1412
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-1393
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-1393 // CNNVD: CNNVD-199906-009 // NVD: CVE-1999-1412

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-1999-1412

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199906-009

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-199906-009

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-1393

EXTERNAL IDS

db:	NVD	id:	CVE-1999-1412	Trust: 2.0
db:	BID	id:	306	Trust: 2.0
db:	CNNVD	id:	CNNVD-199906-009	Trust: 0.7
db:	EXPLOIT-DB	id:	19244	Trust: 0.1
db:	VULHUB	id:	VHN-1393	Trust: 0.1

sources: VULHUB: VHN-1393 // BID: 306 // CNNVD: CNNVD-199906-009 // NVD: CVE-1999-1412

REFERENCES

url:	http://www.securityfocus.com/bid/306	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/14215	Trust: 1.7
url:	http://www.heise.de/ct/english/99/13/186/	Trust: 0.3

sources: VULHUB: VHN-1393 // BID: 306 // CNNVD: CNNVD-199906-009 // NVD: CVE-1999-1412

CREDITS

1999 by Iain Collins <icollins@scotland.net>., 1999 by Juergen Schmidt <ju@ct.heise.de>. Solution pointed out to SecurityFocus on July 21,This vulnerability was published in the BUGTRAQ mailing list on June 3

Trust: 0.6

sources: CNNVD: CNNVD-199906-009

SOURCES

db:	VULHUB	id:	VHN-1393
db:	BID	id:	306
db:	CNNVD	id:	CNNVD-199906-009
db:	NVD	id:	CVE-1999-1412

LAST UPDATE DATE

2024-08-14T15:36:16.940000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-1393	date:	2008-09-05T00:00:00
db:	BID	id:	306	date:	2009-07-11T00:16:00
db:	CNNVD	id:	CNNVD-199906-009	date:	2021-04-22T00:00:00
db:	NVD	id:	CVE-1999-1412	date:	2021-09-22T14:22:24.070

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-1393	date:	1999-06-03T00:00:00
db:	BID	id:	306	date:	1999-06-03T00:00:00
db:	CNNVD	id:	CNNVD-199906-009	date:	1999-06-03T00:00:00
db:	NVD	id:	CVE-1999-1412	date:	1999-06-03T04:00:00