CVE-1999-1537

EPSS 1.29%
Veröffentlicht 07.07.1999 04:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Internet Information Server Version3.0

Microsoft ≫ Internet Information Server Version4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.29%	0.777

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

http://marc.info/?l=ntbugtraq&m=93138827329577&w=2

http://www.securityfocus.com/bid/521

Patch

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/2352

https://nvd.nist.gov/vuln/detail/CVE-1999-1537

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-1999-1537

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-1999-1537

EUVD