Sign-up

ID

VAR-200004-0053


CVE

CVE-2000-0299


TITLE

WebObjects Remote Overflow Vulnerability

Trust: 0.9

sources: BID: 1896 // CNNVD: CNNVD-200004-006

DESCRIPTION

Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 package allows remote attackers to cause a denial of service via an HTTP request with long headers such as Accept. apple's WebObjects Exists in unspecified vulnerabilities.None. A denial-of-service vulnerability exists in Apple's WebObjects 4.5 Developer, a popular platform for developing web-based applications. The vulnerable version is Windows NT 4.0 SP5, when run in conjunction with the CGI-adapter and IIS 4.0. An HTTP request sent with a long header (ie, over 4.1K), will crash webobjects.exe. This may also permit the attacker to remotely execute code with the privilege of IIS, but this has not been verified. This vulnerability is reportedly present only in installations running under a development license. Those licensed for deployment are not affected

Trust: 1.98

sources: NVD: CVE-2000-0299 // JVNDB: JVNDB-2000-000138 // BID: 1896 // VULHUB: VHN-1878

AFFECTED PRODUCTS

vendor:applemodel:webobjectsscope:eqversion:4.5

Trust: 1.6

vendor:アップルmodel:webobjectsscope:eqversion:4.5

Trust: 0.8

vendor:アップルmodel:webobjectsscope:eqversion: -

Trust: 0.8

vendor:applemodel:webobjects developer nt4 iis4.0 cgi-adapter developerscope:eqversion:4.5

Trust: 0.3

sources: BID: 1896 // JVNDB: JVNDB-2000-000138 // CNNVD: CNNVD-200004-006 // NVD: CVE-2000-0299

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-0299
value: MEDIUM

Trust: 1.0

NVD: CVE-2000-0299
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200004-006
value: MEDIUM

Trust: 0.6

VULHUB: VHN-1878
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2000-0299
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-1878
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-1878 // JVNDB: JVNDB-2000-000138 // CNNVD: CNNVD-200004-006 // NVD: CVE-2000-0299

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2000-000138 // NVD: CVE-2000-0299

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200004-006

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200004-006

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-1878

PATCH
title:top pageurl:https://www.apple.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2000-000138

EXTERNAL IDS
db:NVDid:CVE-2000-0299
Trust: 3.6
db:JVNDBid:JVNDB-2000-000138
Trust: 0.8
db:CNNVDid:CNNVD-200004-006
Trust: 0.7
db:BUGTRAQid:20000404 WEBOBJECTS DOS
Trust: 0.6
db:BIDid:1896
Trust: 0.4
db:SEEBUGid:SSVID-74260
Trust: 0.1
db:EXPLOIT-DBid:20379
Trust: 0.1
db:VULHUBid:VHN-1878
Trust: 0.1
sources:
            
            
            VULHUB: VHN-1878 // 
            
            
            
            BID: 1896 // 
            
            
            
            JVNDB: JVNDB-2000-000138 // 
            
            
            
            CNNVD: CNNVD-200004-006 // 
            
            
            
            NVD: CVE-2000-0299

REFERENCES
url:http://archives.neohapsis.com/archives/bugtraq/2000-04/0020.html
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2000-0299
Trust: 0.8
sources:
            
            
            VULHUB: VHN-1878 // 
            
            
            
            JVNDB: JVNDB-2000-000138 // 
            
            
            
            CNNVD: CNNVD-200004-006 // 
            
            
            
            NVD: CVE-2000-0299

CREDITS
Reported to Bugtraq by Bruce Potter <gdead@fortnocs.com> on Tue Apr 04 2000
Trust: 0.9
sources:
            
            
            BID: 1896 // 
            
            
            
            CNNVD: CNNVD-200004-006

SOURCES
db:VULHUBid:VHN-1878
db:BIDid:1896
db:JVNDBid:JVNDB-2000-000138
db:CNNVDid:CNNVD-200004-006
db:NVDid:CVE-2000-0299

LAST UPDATE DATE
2024-08-14T13:40:49.357000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-1878date:2008-09-10T00:00:00
db:BIDid:1896date:2009-07-11T03:56:00
db:JVNDBid:JVNDB-2000-000138date:2024-05-13T02:45:00
db:CNNVDid:CNNVD-200004-006date:2005-10-20T00:00:00
db:NVDid:CVE-2000-0299date:2008-09-10T19:04:02.710

SOURCES RELEASE DATE
db:VULHUBid:VHN-1878date:2000-04-04T00:00:00
db:BIDid:1896date:2000-04-04T00:00:00
db:JVNDBid:JVNDB-2000-000138date:2024-05-13T00:00:00
db:CNNVDid:CNNVD-200004-006date:2000-04-04T00:00:00
db:NVDid:CVE-2000-0299date:2000-04-04T04:00:00