Vulnerability Name:

CVE-1999-1199 (CCN-8326)

Assigned:1998-08-07
Published:1998-08-07
Updated:2021-06-06
Summary:Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: BugTraq Mailing List, Fri, 7 Aug 1998 19:04:27 +0200
YA Apache DoS attack

Source: CCN
Type: BugTraq Mailing List, Sat, 8 Aug 1998 00:53:00 -0400
Debian Apache Security Update

Source: CCN
Type: BugTraq Mailing List, Tue, 11 Aug 1998 10:54:40 +0900
Apache 'sioux' DOS fix for TurboLinux

Source: CCN
Type: BugTraq Mailing List, Mon, 10 Aug 1998 15:00:02 -0400
Apache DoS Attack

Source: MITRE
Type: CNA
CVE-1999-1199

Source: BUGTRAQ
Type: UNKNOWN
19980807 YA Apache DoS attack

Source: BUGTRAQ
Type: UNKNOWN
19980808 Debian Apache Security Update

Source: BUGTRAQ
Type: UNKNOWN
19980811 Apache 'sioux' DOS fix for TurboLinux

Source: BUGTRAQ
Type: UNKNOWN
19980810 Apache DoS Attack

Source: CCN
Type: Debian Web site
Debian GNU/Linux -- Download Page

Source: CCN
Type: OSVDB ID: 9707
Apache HTTP Server Duplicate MIME Header Saturation DoS

Source: CONFIRM
Type: UNKNOWN
http://www.redhat.com/support/errata/rh51-errata-general.html#apache

Source: XF
Type: UNKNOWN
apache-sioux-dos(8326)

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:http_server:*:*:*:*:*:*:*:* (Version <= 1.3.1)

Configuration CCN 1:
  • cpe:/a:apache:http_server:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    apache http server *
    apache http server 1.3
    apache http server 1.3.1
    apache http server 1.3.0