Vulnerability Description
Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Http Server | <= 1.3.1 |
References
- http://marc.info/?l=bugtraq&m=90252779826784&w=2
- http://marc.info/?l=bugtraq&m=90276683825862&w=2
- http://marc.info/?l=bugtraq&m=90280517007869&w=2
- http://marc.info/?l=bugtraq&m=90286768232093&w=2
- http://www.redhat.com/support/errata/rh51-errata-general.html#apache
- https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab3827
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f8
- https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f6988585512611
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90b
- http://marc.info/?l=bugtraq&m=90252779826784&w=2
- http://marc.info/?l=bugtraq&m=90276683825862&w=2
- http://marc.info/?l=bugtraq&m=90280517007869&w=2
- http://marc.info/?l=bugtraq&m=90286768232093&w=2
- http://www.redhat.com/support/errata/rh51-errata-general.html#apache
- https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab3827
FAQ
What is CVE-1999-1199?
CVE-1999-1199 is a vulnerability with a CVSS score of 10.0 (HIGH). Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
How severe is CVE-1999-1199?
CVE-1999-1199 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-1999-1199?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server.