CVE-1999-0448
First published: Fri Jan 01 1999(Updated: )
IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Internet Information Services | =4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability associated with CVE-1999-0448?
CVE-1999-0448 refers to a vulnerability in IIS 4.0 and Apache that allows remote attackers to hide the true URL of the HTTP requests due to improper logging of request methods.
What is the severity of CVE-1999-0448?
CVE-1999-0448 is considered a serious vulnerability as it allows attackers to obfuscate their actions, potentially leading to unauthorized access.
How can I fix CVE-1999-0448?
To mitigate CVE-1999-0448, it is recommended to upgrade to a more recent version of IIS or Apache that addresses this vulnerability.
Which software versions are affected by CVE-1999-0448?
CVE-1999-0448 specifically affects Microsoft Internet Information Server version 4.0.
Can CVE-1999-0448 be exploited remotely?
Yes, CVE-1999-0448 can be exploited remotely, allowing attackers to manipulate request logging on affected servers.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/description
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/microsoft
- canonical/microsoft internet information services
- version/microsoft internet information services/4.0