Details of VAR-199908-0035

ID

VAR-199908-0035

CVE

CVE-1999-0867

TITLE

NT IIS error HTTP Request header DoS Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-199908-018

DESCRIPTION

Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers. Microsoft IIS and all other products that use the IIS web engine have a vulnerability whereby a flood of specially formed HTTP request headers will make IIS consume all available memory on the server and then hang

Trust: 1.17

sources: NVD: CVE-1999-0867 // BID: 579

AFFECTED PRODUCTS

vendor:	microsoft	model:	commercial internet system	scope:	eq	version:	2.5	Trust: 1.9
vendor:	microsoft	model:	commercial internet system	scope:	eq	version:	2.0	Trust: 1.9
vendor:	microsoft	model:	internet information server	scope:	eq	version:	4.0	Trust: 1.6
vendor:	microsoft	model:	site server	scope:	eq	version:	3.0	Trust: 1.6
vendor:	microsoft	model:	site server commerce edition i386	scope:	eq	version:	3.0	Trust: 0.3
vendor:	microsoft	model:	site server commerce edition alpha	scope:	eq	version:	3.0	Trust: 0.3
vendor:	microsoft	model:	iis	scope:	eq	version:	4.0	Trust: 0.3

sources: BID: 579 // CNNVD: CNNVD-199908-018 // NVD: CVE-1999-0867

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-1999-0867
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-199908-018
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-1999-0867
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-199908-018 // NVD: CVE-1999-0867

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.0

sources: NVD: CVE-1999-0867

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199908-018

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-199908-018

EXTERNAL IDS

db:	BID	id:	579	Trust: 1.9
db:	NVD	id:	CVE-1999-0867	Trust: 1.6
db:	MS	id:	MS99-029	Trust: 0.6
db:	MSKB	id:	Q238349	Trust: 0.6
db:	CIAC	id:	J-058	Trust: 0.6
db:	CNNVD	id:	CNNVD-199908-018	Trust: 0.6

sources: BID: 579 // CNNVD: CNNVD-199908-018 // NVD: CVE-1999-0867

REFERENCES

url:	http://www.securityfocus.com/bid/579	Trust: 1.6
url:	http://www.ciac.org/ciac/bulletins/j-058.shtml	Trust: 1.6
url:	http://support.microsoft.com/default.aspx?scid=kb%3b%5bln%5d%3bq238349	Trust: 1.0
url:	https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-029	Trust: 1.0
url:	http://www.microsoft.com/technet/security/bulletin/ms99-029.mspx	Trust: 0.6
url:	http://support.microsoft.com/default.aspx?scid=kb;%5bln%5d;q238349	Trust: 0.6
url:	http://www.microsoft.com/technet/security/bulletin/fq99-029.asp	Trust: 0.3
url:	http://support.microsoft.com/support/kb/articles/q238/3/49.asp	Trust: 0.3

sources: BID: 579 // CNNVD: CNNVD-199908-018 // NVD: CVE-1999-0867

CREDITS

Reported to Microsoft by Nobuo Miwa <n-miwa@lac.co.jp>. Microsoft Security Bulletin MS99-029 released August 11, 1999.

Trust: 0.9

sources: BID: 579 // CNNVD: CNNVD-199908-018

SOURCES

db:	BID	id:	579
db:	CNNVD	id:	CNNVD-199908-018
db:	NVD	id:	CVE-1999-0867

LAST UPDATE DATE

2024-08-14T15:20:24.064000+00:00

SOURCES UPDATE DATE

db:	BID	id:	579	date:	1999-08-11T00:00:00
db:	CNNVD	id:	CNNVD-199908-018	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-1999-0867	date:	2023-11-07T01:55:03.710

SOURCES RELEASE DATE

db:	BID	id:	579	date:	1999-08-11T00:00:00
db:	CNNVD	id:	CNNVD-199908-018	date:	1999-08-11T00:00:00
db:	NVD	id:	CVE-1999-0867	date:	1999-08-11T04:00:00