ID

VAR-199908-0035


CVE

CVE-1999-0867


TITLE

NT IIS error HTTP Request header DoS Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-199908-018

DESCRIPTION

Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers. Microsoft IIS and all other products that use the IIS web engine have a vulnerability whereby a flood of specially formed HTTP request headers will make IIS consume all available memory on the server and then hang

Trust: 1.17

sources: NVD: CVE-1999-0867 // BID: 579

AFFECTED PRODUCTS

vendor:microsoftmodel:commercial internet systemscope:eqversion:2.5

Trust: 1.9

vendor:microsoftmodel:commercial internet systemscope:eqversion:2.0

Trust: 1.9

vendor:microsoftmodel:internet information serverscope:eqversion:4.0

Trust: 1.6

vendor:microsoftmodel:site serverscope:eqversion:3.0

Trust: 1.6

vendor:microsoftmodel:site server commerce edition i386scope:eqversion:3.0

Trust: 0.3

vendor:microsoftmodel:site server commerce edition alphascope:eqversion:3.0

Trust: 0.3

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 0.3

sources: BID: 579 // CNNVD: CNNVD-199908-018 // NVD: CVE-1999-0867

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-0867
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-199908-018
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-1999-0867
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

sources: CNNVD: CNNVD-199908-018 // NVD: CVE-1999-0867

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-1999-0867

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199908-018

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-199908-018

EXTERNAL IDS

db:BIDid:579

Trust: 1.9

db:NVDid:CVE-1999-0867

Trust: 1.6

db:MSid:MS99-029

Trust: 0.6

db:MSKBid:Q238349

Trust: 0.6

db:CIACid:J-058

Trust: 0.6

db:CNNVDid:CNNVD-199908-018

Trust: 0.6

sources: BID: 579 // CNNVD: CNNVD-199908-018 // NVD: CVE-1999-0867

REFERENCES

url:http://www.securityfocus.com/bid/579

Trust: 2.6

url:http://www.ciac.org/ciac/bulletins/j-058.shtml

Trust: 2.6

url:http://support.microsoft.com/default.aspx?scid=kb%3b%5bln%5d%3bq238349

Trust: 2.0

url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-029

Trust: 2.0

url:http://www.microsoft.com/technet/security/bulletin/ms99-029.mspx

Trust: 0.6

url:http://support.microsoft.com/default.aspx?scid=kb;%5bln%5d;q238349

Trust: 0.6

url:http://www.microsoft.com/technet/security/bulletin/fq99-029.asp

Trust: 0.3

url:http://support.microsoft.com/support/kb/articles/q238/3/49.asp

Trust: 0.3

sources: BID: 579 // CNNVD: CNNVD-199908-018 // NVD: CVE-1999-0867

CREDITS

Reported to Microsoft by Nobuo Miwa <n-miwa@lac.co.jp>. Microsoft Security Bulletin MS99-029 released August 11, 1999.

Trust: 0.9

sources: BID: 579 // CNNVD: CNNVD-199908-018

SOURCES

db:BIDid:579
db:CNNVDid:CNNVD-199908-018
db:NVDid:CVE-1999-0867

LAST UPDATE DATE

2024-11-22T23:14:59.341000+00:00


SOURCES UPDATE DATE

db:BIDid:579date:1999-08-11T00:00:00
db:CNNVDid:CNNVD-199908-018date:2005-05-02T00:00:00
db:NVDid:CVE-1999-0867date:2024-11-20T23:29:43.677

SOURCES RELEASE DATE

db:BIDid:579date:1999-08-11T00:00:00
db:CNNVDid:CNNVD-199908-018date:1999-08-11T00:00:00
db:NVDid:CVE-1999-0867date:1999-08-11T04:00:00