CVE-1999-0448
Published 1999-01-01

CVE-1999-0448: IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.

Priority P4 | 23 | medium | 5 | CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 24.19% (97.6th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_information_server | — | — |
Detection & IOCs (extracted from sources)
- HTTP requests with a REQUEST_METHOD field exceeding 10150 bytes will not be logged by IIS 4.0, enabling log evasion; detect oversized HTTP method fields at the network layer.
- Look for HTTP requests where the method field is padded with repeated 'A' characters to reach 10141+ bytes before the actual URI and protocol string.
- Both IIS 4.0 and Apache are affected; monitor for abnormally large HTTP method tokens in raw network traffic regardless of server platform.
- IIS 4.0 server-side logging is silently bypassed when the HTTP request method exceeds the threshold; server logs cannot be relied upon as a sole detection mechanism for this attack.
- Apache is also affected by the same log-avoidance behaviour for oversized HTTP request methods, broadening the scope beyond IIS.
No detection rules found.
No writeups or analysis indexed.