CVE-1999-0448

CVSS 2.0 Score 5 of 10 (medium)

Details

Published Jan 1, 1999

Updated: Nov 20, 2024

Summary

CVE-1999-0448 is a vulnerability affecting both IIS 4.0 and Apache servers. It allows remote attackers to conceal the true URL of their request by manipulating the length of HTTP request methods. This can potentially be used to bypass access controls and perform unauthorized actions. The vulnerability arises due to the servers' failure to properly check the length of HTTP request methods. This issue, though old, highlights the importance of keeping web servers updated with the latest security patches.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Microsoft IIS

Affected Vendors

Microsoft

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/NWlRjD
https://www.cve.org/CVERecord?id=CVE-1999-0448
https://nvd.nist.gov/vuln/detail/CVE-1999-0448

Back to Vulnerability Database