Details of VAR-199906-0024

ID

VAR-199906-0024

CVE

CVE-1999-0874

TITLE

Microsoft IIS Vulnerable to buffer overflow due to malformed requests

Trust: 0.8

sources: JVNDB: JVNDB-1999-000017

DESCRIPTION

Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions. This vulnerability may allow a remote attacker to execute arbitrary code on the target machine. IIS supports a number of file extensions that require futher processing. When a request is made for one of these types of files a specific DLL processes it

Trust: 1.89

sources: NVD: CVE-1999-0874 // JVNDB: JVNDB-1999-000017 // BID: 307

AFFECTED PRODUCTS

vendor:	microsoft	model:	internet information server	scope:	eq	version:	4.0	Trust: 1.6
vendor:	microsoft	model:	windows nt	scope:	eq	version:	4.0	Trust: 1.6
vendor:	microsoft	model:	iis	scope:	eq	version:	4.0	Trust: 1.1
vendor:	microsoft	model:	windows 2000	scope:	eq	version:	*	Trust: 1.0
vendor:	microsoft	model:	windows nt	scope:	eq	version:	*	Trust: 1.0
vendor:	microsoft	model:	windows 2000	scope:	-	version:	-	Trust: 0.6
vendor:	microsoft	model:	windows nt	scope:	-	version:	-	Trust: 0.6
vendor:	microsoft	model:	windows nt sp6	scope:	ne	version:	4.0	Trust: 0.3

sources: BID: 307 // JVNDB: JVNDB-1999-000017 // CNNVD: CNNVD-199906-019 // NVD: CVE-1999-0874

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-1999-0874
value:	HIGH
Trust: 1.0
NVD:	CVE-1999-0874
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-199906-019
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-1999-0874
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	CVE-1999-0874
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

sources: JVNDB: JVNDB-1999-000017 // CNNVD: CNNVD-199906-019 // NVD: CVE-1999-0874

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-1999-000017 // NVD: CVE-1999-0874

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199906-019

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-199906-019

CONFIGURATIONS

sources: JVNDB: JVNDB-1999-000017

PATCH

title:

MS99-019

url:

http://www.microsoft.com/technet/security/bulletin/ms99-019.asp

Trust: 0.8

sources: JVNDB: JVNDB-1999-000017

EXTERNAL IDS

db:	NVD	id:	CVE-1999-0874	Trust: 2.4
db:	BID	id:	307	Trust: 1.1
db:	JVNDB	id:	JVNDB-1999-000017	Trust: 0.8
db:	OVAL	id:	OVAL:ORG.MITRE.OVAL:DEF:915	Trust: 0.6
db:	CIAC	id:	J-048	Trust: 0.6
db:	MS	id:	MS99-019	Trust: 0.6
db:	EEYE	id:	AD06081999	Trust: 0.6
db:	MSKB	id:	Q234905	Trust: 0.6
db:	NSFOCUS	id:	3316	Trust: 0.6
db:	CNNVD	id:	CNNVD-199906-019	Trust: 0.6

sources: BID: 307 // JVNDB: JVNDB-1999-000017 // CNNVD: CNNVD-199906-019 // NVD: CVE-1999-0874

REFERENCES

url:	http://www.eeye.com/html/research/advisories/ad06081999.html	Trust: 1.6
url:	http://www.ciac.org/ciac/bulletins/j-048.shtml	Trust: 1.6
url:	http://support.microsoft.com/default.aspx?scid=kb%3b%5bln%5d%3bq234905	Trust: 1.0
url:	https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-019	Trust: 1.0
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a915	Trust: 1.0
url:	http://www.cert.org/advisories/ca-1999-07.html	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-1999-0874	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-1999-0874	Trust: 0.8
url:	http://www.securityfocus.com/bid/307	Trust: 0.8
url:	http://www.microsoft.com/technet/security/bulletin/ms99-019.asp	Trust: 0.6
url:	http://support.microsoft.com/default.aspx?scid=kb;%5bln%5d;q234905	Trust: 0.6
url:	http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:915	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/3316	Trust: 0.6
url:	http://www.eeye.com	Trust: 0.3
url:	http://metasploit.com/projects/framework/exploits.html	Trust: 0.3
url:	http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms99-019.asp	Trust: 0.3
url:	http://support.microsoft.com/support/kb/articles/q234/9/05.asp	Trust: 0.3

sources: BID: 307 // JVNDB: JVNDB-1999-000017 // CNNVD: CNNVD-199906-019 // NVD: CVE-1999-0874

CREDITS

eEye Digital Security Team

Trust: 0.6

sources: CNNVD: CNNVD-199906-019

SOURCES

db:	BID	id:	307
db:	JVNDB	id:	JVNDB-1999-000017
db:	CNNVD	id:	CNNVD-199906-019
db:	NVD	id:	CVE-1999-0874

LAST UPDATE DATE

2024-08-14T15:31:22.583000+00:00

SOURCES UPDATE DATE

db:	BID	id:	307	date:	1999-06-15T00:00:00
db:	JVNDB	id:	JVNDB-1999-000017	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-199906-019	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-1999-0874	date:	2023-11-07T01:55:03.950

SOURCES RELEASE DATE

db:	BID	id:	307	date:	1999-06-15T00:00:00
db:	JVNDB	id:	JVNDB-1999-000017	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-199906-019	date:	1999-06-16T00:00:00
db:	NVD	id:	CVE-1999-0874	date:	1999-06-16T04:00:00