CVE-1999-1127
published 1999-12-31CVE-1999-1127: Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion)…
PriorityP427high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
17.75%
96.8th percentile
Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_nt | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
CWE
Improper Resource Shutdown or Release
mitre_cwe
CWE-404 Improper Resource Shutdown or Release
CWE-404: Improper Resource Shutdown or Release
The product does not release or incorrectly releases a resource before it is made available for re-use.
When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation, such as a set period of time or revocation.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Availability, Other. Impact: DoS: Resource Consumption (Other), Varies by Context. Most unreleased resource issues result in general software reliability problems, but if an attacker can intentionally trigger a resource leak, the attacker might be able to launch a denial of service attack by depleting the resource pool.
Scope: Confidentiality.
CWE
Missing Release of Resource after Effective Lifetime
mitre_cwe
CWE-772 Missing Release of Resource after Effective Lifetime
CWE-772: Missing Release of Resource after Effective Lifetime
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Availability. Impact: DoS: Resource Consumption (Other), DoS: Resource Consumption (Memory), DoS: Resource Consumption (CPU). An attacker that can influence the allocation of resources that are not properly released could deplete the available resource pool and prevent all other processes from accessing the same type of resource. Frequently-affected resources include memory, CPU, disk space, power or battery, etc.
Detection Methods:
Automated Static Analysis: Automated static analysis, commonly referred to as Static Application S
http://support.microsoft.com/support/kb/articles/Q195/7/33.asphttp://www.iss.net/security_center/static/523.phphttps://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-017http://support.microsoft.com/support/kb/articles/Q195/7/33.asphttp://www.iss.net/security_center/static/523.phphttps://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-017
1999-12-31
Published