CVE-1999-0874

🗓️ 02 Jun 2000 04:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov👁 86 Views🌐 WEB

Buffer overflow in IIS 4.0 allowing DoS via malformed .HTR, .IDC, .STM file requests

Reporter	Title	Published	Views	Family All 9
Circl	CVE-1999-0874	30 Apr 201000:00	–	circl
Cvelist	CVE-1999-0874	2 Jun 200004:00	–	cvelist
Exploit DB	Microsoft IIS 4.0 - '.htr' Path Overflow (MS02-018) (Metasploit)	30 Apr 201000:00	–	exploitdb
Exploit DB	Microsoft IIS 4.0 - Remote Buffer Overflow (2)	15 Jun 199900:00	–	exploitdb
exploitpack	Microsoft IIS 4.0 - Remote Buffer Overflow (2)	15 Jun 199900:00	–	exploitpack
Tenable Nessus	Microsoft IIS ISM.DLL HTR Request Remote Overflow	22 Jun 199900:00	–	nessus
Metasploit	MS02-018 Microsoft IIS 4.0 .HTR Path Overflow	21 Jan 200622:10	–	metasploit
NVD	CVE-1999-0874	16 Jun 199904:00	–	nvd
Packet Storm	Microsoft IIS 4.0 .HTR Path Overflow	26 Nov 200900:00	–	packetstorm

NVD

Node

Node

Source	Link
docs	www.docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-019
support	www.support.microsoft.com/default.aspx
ciac	www.ciac.org/ciac/bulletins/j-048.shtml
eeye	www.eeye.com/html/Research/Advisories/AD06081999.html
oval	www.oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A915

Parameter	Position	Path	Description	CWE
path	path	/{buffer}.htr	Buffer overflow via crafted GET request to /{buffer}.htr exploiting IIS 4.0 HTR path overflow.	CWE-119
buffer	path	/{buffer}.htr	Buffer overflow via crafted GET request to /{buffer}.htr exploiting IIS 4.0 HTR path overflow.	CWE-119

16 Jun 2026 21:49Current

6.9Medium risk

Vulners AI Score6.9

CVSS 210

EPSS0.78099