Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-0867

CWE-20Improper Input Validation4 documents4 sources
Severity
5.0MEDIUM
EPSS
19.4%
top 4.62%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Microsoft Commercial Internet SystemMicrosoft Internet Information ServerMicrosoft Site Server
Timeline
PublishedAug 11
Latest updateApr 30

Description

Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

🔴Vulnerability Details

2
GHSA
GHSA-m9hv-pvv3-2735: Denial of service in IIS 42022-04-30
CVEList
CVE-1999-0867: Denial of service in IIS 42000-01-04

💥Exploits & PoCs

1
Exploit-DB
Microsoft Commercial Internet System 2.0/2.5 / IIS 4.0 / Site Server Commerce Edition 3.0 alpha/3.0 - Denial of Service1999-08-11
CVE-1999-0867 (MEDIUM CVSS 5) | Denial of service in IIS 4.0 via a | cvebase.io