ID

VAR-199906-0024


CVE

CVE-1999-0874


TITLE

Microsoft IIS Vulnerable to buffer overflow due to malformed requests

Trust: 0.8

sources: JVNDB: JVNDB-1999-000017

DESCRIPTION

Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions. This vulnerability may allow a remote attacker to execute arbitrary code on the target machine. IIS supports a number of file extensions that require futher processing. When a request is made for one of these types of files a specific DLL processes it

Trust: 1.89

sources: NVD: CVE-1999-0874 // JVNDB: JVNDB-1999-000017 // BID: 307

AFFECTED PRODUCTS

vendor:microsoftmodel:internet information serverscope:eqversion:4.0

Trust: 1.6

vendor:microsoftmodel:windows ntscope:eqversion:4.0

Trust: 1.6

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 1.1

vendor:microsoftmodel:windows ntscope:eqversion:*

Trust: 1.0

vendor:microsoftmodel:windows 2000scope:eqversion:*

Trust: 1.0

vendor:microsoftmodel:windows 2000scope: - version: -

Trust: 0.6

vendor:microsoftmodel:windows ntscope: - version: -

Trust: 0.6

vendor:microsoftmodel:windows nt sp6scope:neversion:4.0

Trust: 0.3

sources: BID: 307 // JVNDB: JVNDB-1999-000017 // CNNVD: CNNVD-199906-019 // NVD: CVE-1999-0874

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-0874
value: HIGH

Trust: 1.0

NVD: CVE-1999-0874
value: HIGH

Trust: 0.8

CNNVD: CNNVD-199906-019
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-1999-0874
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-1999-0874
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

sources: JVNDB: JVNDB-1999-000017 // CNNVD: CNNVD-199906-019 // NVD: CVE-1999-0874

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-1999-000017 // NVD: CVE-1999-0874

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199906-019

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-199906-019

CONFIGURATIONS

sources: JVNDB: JVNDB-1999-000017

PATCH

title:MS99-019url:http://www.microsoft.com/technet/security/bulletin/ms99-019.asp

Trust: 0.8

sources: JVNDB: JVNDB-1999-000017

EXTERNAL IDS

db:NVDid:CVE-1999-0874

Trust: 2.4

db:BIDid:307

Trust: 1.1

db:JVNDBid:JVNDB-1999-000017

Trust: 0.8

db:OVALid:OVAL:ORG.MITRE.OVAL:DEF:915

Trust: 0.6

db:CIACid:J-048

Trust: 0.6

db:MSid:MS99-019

Trust: 0.6

db:EEYEid:AD06081999

Trust: 0.6

db:MSKBid:Q234905

Trust: 0.6

db:NSFOCUSid:3316

Trust: 0.6

db:CNNVDid:CNNVD-199906-019

Trust: 0.6

sources: BID: 307 // JVNDB: JVNDB-1999-000017 // CNNVD: CNNVD-199906-019 // NVD: CVE-1999-0874

REFERENCES

url:http://www.eeye.com/html/research/advisories/ad06081999.html

Trust: 2.6

url:http://www.ciac.org/ciac/bulletins/j-048.shtml

Trust: 2.6

url:http://support.microsoft.com/default.aspx?scid=kb%3b%5bln%5d%3bq234905

Trust: 2.0

url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-019

Trust: 2.0

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a915

Trust: 2.0

url:http://www.cert.org/advisories/ca-1999-07.html

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-1999-0874

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-1999-0874

Trust: 0.8

url:http://www.securityfocus.com/bid/307

Trust: 0.8

url:http://www.microsoft.com/technet/security/bulletin/ms99-019.asp

Trust: 0.6

url:http://support.microsoft.com/default.aspx?scid=kb;%5bln%5d;q234905

Trust: 0.6

url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:915

Trust: 0.6

url:http://www.nsfocus.net/vulndb/3316

Trust: 0.6

url:http://www.eeye.com

Trust: 0.3

url:http://metasploit.com/projects/framework/exploits.html

Trust: 0.3

url:http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms99-019.asp

Trust: 0.3

url:http://support.microsoft.com/support/kb/articles/q234/9/05.asp

Trust: 0.3

sources: BID: 307 // JVNDB: JVNDB-1999-000017 // CNNVD: CNNVD-199906-019 // NVD: CVE-1999-0874

CREDITS

eEye Digital Security Team

Trust: 0.6

sources: CNNVD: CNNVD-199906-019

SOURCES

db:BIDid:307
db:JVNDBid:JVNDB-1999-000017
db:CNNVDid:CNNVD-199906-019
db:NVDid:CVE-1999-0874

LAST UPDATE DATE

2024-11-22T23:03:23.114000+00:00


SOURCES UPDATE DATE

db:BIDid:307date:1999-06-15T00:00:00
db:JVNDBid:JVNDB-1999-000017date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-199906-019date:2005-05-02T00:00:00
db:NVDid:CVE-1999-0874date:2024-11-20T23:29:44.620

SOURCES RELEASE DATE

db:BIDid:307date:1999-06-15T00:00:00
db:JVNDBid:JVNDB-1999-000017date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-199906-019date:1999-06-16T00:00:00
db:NVDid:CVE-1999-0874date:1999-06-16T04:00:00