ID

VAR-200004-0053


CVE

CVE-2000-0299


TITLE

WebObjects Remote Overflow Vulnerability

Trust: 0.9

sources: BID: 1896 // CNNVD: CNNVD-200004-006

DESCRIPTION

Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 package allows remote attackers to cause a denial of service via an HTTP request with long headers such as Accept. apple's WebObjects Exists in unspecified vulnerabilities.None. A denial-of-service vulnerability exists in Apple's WebObjects 4.5 Developer, a popular platform for developing web-based applications. The vulnerable version is Windows NT 4.0 SP5, when run in conjunction with the CGI-adapter and IIS 4.0. An HTTP request sent with a long header (ie, over 4.1K), will crash webobjects.exe. This may also permit the attacker to remotely execute code with the privilege of IIS, but this has not been verified. This vulnerability is reportedly present only in installations running under a development license. Those licensed for deployment are not affected

Trust: 1.98

sources: NVD: CVE-2000-0299 // JVNDB: JVNDB-2000-000138 // BID: 1896 // VULHUB: VHN-1878

AFFECTED PRODUCTS

vendor:applemodel:webobjectsscope:eqversion:4.5

Trust: 1.6

vendor:アップルmodel:webobjectsscope:eqversion:4.5

Trust: 0.8

vendor:アップルmodel:webobjectsscope:eqversion: -

Trust: 0.8

vendor:applemodel:webobjects developer nt4 iis4.0 cgi-adapter developerscope:eqversion:4.5

Trust: 0.3

sources: BID: 1896 // JVNDB: JVNDB-2000-000138 // CNNVD: CNNVD-200004-006 // NVD: CVE-2000-0299

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-0299
value: MEDIUM

Trust: 1.0

NVD: CVE-2000-0299
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200004-006
value: MEDIUM

Trust: 0.6

VULHUB: VHN-1878
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2000-0299
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-1878
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-1878 // JVNDB: JVNDB-2000-000138 // CNNVD: CNNVD-200004-006 // NVD: CVE-2000-0299

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2000-000138 // NVD: CVE-2000-0299

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200004-006

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200004-006

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-1878

PATCH

title:top pageurl:https://www.apple.com/

Trust: 0.8

sources: JVNDB: JVNDB-2000-000138

EXTERNAL IDS

db:NVDid:CVE-2000-0299

Trust: 3.6

db:JVNDBid:JVNDB-2000-000138

Trust: 0.8

db:CNNVDid:CNNVD-200004-006

Trust: 0.7

db:BUGTRAQid:20000404 WEBOBJECTS DOS

Trust: 0.6

db:BIDid:1896

Trust: 0.4

db:SEEBUGid:SSVID-74260

Trust: 0.1

db:EXPLOIT-DBid:20379

Trust: 0.1

db:VULHUBid:VHN-1878

Trust: 0.1

sources: VULHUB: VHN-1878 // BID: 1896 // JVNDB: JVNDB-2000-000138 // CNNVD: CNNVD-200004-006 // NVD: CVE-2000-0299

REFERENCES

url:http://archives.neohapsis.com/archives/bugtraq/2000-04/0020.html

Trust: 3.5

url:https://nvd.nist.gov/vuln/detail/cve-2000-0299

Trust: 0.8

sources: VULHUB: VHN-1878 // JVNDB: JVNDB-2000-000138 // CNNVD: CNNVD-200004-006 // NVD: CVE-2000-0299

CREDITS

Reported to Bugtraq by Bruce Potter <gdead@fortnocs.com> on Tue Apr 04 2000

Trust: 0.9

sources: BID: 1896 // CNNVD: CNNVD-200004-006

SOURCES

db:VULHUBid:VHN-1878
db:BIDid:1896
db:JVNDBid:JVNDB-2000-000138
db:CNNVDid:CNNVD-200004-006
db:NVDid:CVE-2000-0299

LAST UPDATE DATE

2024-11-22T23:03:22.496000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-1878date:2008-09-10T00:00:00
db:BIDid:1896date:2009-07-11T03:56:00
db:JVNDBid:JVNDB-2000-000138date:2024-05-13T02:45:00
db:CNNVDid:CNNVD-200004-006date:2005-10-20T00:00:00
db:NVDid:CVE-2000-0299date:2024-11-20T23:32:11.060

SOURCES RELEASE DATE

db:VULHUBid:VHN-1878date:2000-04-04T00:00:00
db:BIDid:1896date:2000-04-04T00:00:00
db:JVNDBid:JVNDB-2000-000138date:2024-05-13T00:00:00
db:CNNVDid:CNNVD-200004-006date:2000-04-04T00:00:00
db:NVDid:CVE-2000-0299date:2000-04-04T04:00:00