Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-0999 — Improper Input Validation in Microsoft SQL Server

CWE-20 — Improper Input Validation4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
16.1%
top 5.20%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft SQL Server
Timeline
PublishedNov 19
Latest updateApr 30

Description

Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-cj38-2rjc-pv2v: Microsoft SQL 7↗2022-04-30
â–¶
CVEList
CVE-1999-0999: Microsoft SQL 7↗2000-01-18
â–¶

💥Exploits & PoCs

1
Exploit-DB
Microsoft SQL Server 7.0/7.0 SP1 - NULL Data Denial of Service↗1999-11-19
â–¶
CVE-1999-0999 — Improper Input Validation in Microsoft | cvebase