CVE-1999-1537

EPSS 1.29%
Published 07.07.1999 04:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL.

Affected products Warnungen 0 Metrics 2 CWE 0 References 6

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Internet Information Server Version3.0

Microsoft ≫ Internet Information Server Version4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.29%	0.777

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

http://marc.info/?l=ntbugtraq&m=93138827329577&w=2

http://www.securityfocus.com/bid/521

Patch

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/2352

https://nvd.nist.gov/vuln/detail/CVE-1999-1537

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-1999-1537

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-1999-1537

EUVD