ID

VAR-199912-0052


CVE

CVE-1999-1233


TITLE

IIS Restrict access vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-199912-180

DESCRIPTION

IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability. Any subsequent requests will be denied

Trust: 1.17

sources: NVD: CVE-1999-1233 // BID: 657

AFFECTED PRODUCTS

vendor:microsoftmodel:internet information serverscope:eqversion:4.0

Trust: 1.6

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:commercial internet systemscope:eqversion:2.5

Trust: 0.3

sources: BID: 657 // CNNVD: CNNVD-199912-180 // NVD: CVE-1999-1233

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-1233
value: HIGH

Trust: 1.0

CNNVD: CNNVD-199912-180
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-1999-1233
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

sources: CNNVD: CNNVD-199912-180 // NVD: CVE-1999-1233

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-1233

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199912-180

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-199912-180

EXTERNAL IDS

db:BIDid:657

Trust: 1.9

db:NVDid:CVE-1999-1233

Trust: 1.6

db:MSKBid:241562

Trust: 0.6

db:XFid:3306

Trust: 0.6

db:MSid:MS99-039

Trust: 0.6

db:CNNVDid:CNNVD-199912-180

Trust: 0.6

sources: BID: 657 // CNNVD: CNNVD-199912-180 // NVD: CVE-1999-1233

REFERENCES

url:http://support.microsoft.com/support/kb/articles/q241/5/62.asp

Trust: 2.9

url:http://www.securityfocus.com/bid/657

Trust: 2.6

url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-039

Trust: 2.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/3306

Trust: 2.0

url:http://xforce.iss.net/static/3306.php

Trust: 0.6

url:http://www.microsoft.com/technet/security/bulletin/ms99-039.asp

Trust: 0.6

url:http://www.microsoft.com/technet/security/bulletin/fq99-039.asp

Trust: 0.3

sources: BID: 657 // CNNVD: CNNVD-199912-180 // NVD: CVE-1999-1233

CREDITS

This was first publicized in Microsoft Security Bulletin MS99-039, released September 23, 1999.

Trust: 0.3

sources: BID: 657

SOURCES

db:BIDid:657
db:CNNVDid:CNNVD-199912-180
db:NVDid:CVE-1999-1233

LAST UPDATE DATE

2024-11-22T23:00:47.623000+00:00


SOURCES UPDATE DATE

db:BIDid:657date:1999-09-23T00:00:00
db:CNNVDid:CNNVD-199912-180date:2005-10-12T00:00:00
db:NVDid:CVE-1999-1233date:2024-11-20T23:30:37.883

SOURCES RELEASE DATE

db:BIDid:657date:1999-09-23T00:00:00
db:CNNVDid:CNNVD-199912-180date:1999-12-31T00:00:00
db:NVDid:CVE-1999-1233date:1999-12-31T05:00:00