published date: January 26, 1999

CVE-1999-0449 : Denial of Service Vulnerability

Description

The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts.

Product(s):

Microsoft IIS 4.0
Microsoft Internet Information Server 4.0 Far East Edition
Microsoft Internet Information Server 4.0 Alpha
Microsoft IIS 4.0 Japanese
Microsoft IIS 4.0 Korean
Microsoft IIS 4.0 Chinese

CVSS:7.8 [Critical]
EPSS:42.72%
Exploitability:10
In KEV:No

Question to Ask Vendors:

Can you confirm whether your systems are affected by CVE-1999-0449, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-1999-0449 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions:

Check out the advisory links provided below.

References:

https://nvd.nist.gov/vuln/detail/CVE-1999-0449

READY TO GET RESULTS YOU CAN TRUST?

Get a Demo Contact Sales