Vulnerability Name: CVE-1999-1293 (CCN-201)

Assigned: 1997-07-01
Published: 1997-07-01
Updated: 2016-10-18
Summary: mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Changed
Impact Metrics:
Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-1999-0075

Source: MITRE
Type: CNA
CVE-1999-1293

Source: MITRE
Type: CNA
CVE-2001-0421

Source: MITRE
Type: CNA
CVE-2002-0068

Source: MITRE
Type: CNA
CVE-2002-0104

Source: BUGTRAQ
Type: UNKNOWN
19980106 Apache security advisory

Source: CCN
Type: RHSA-2002-029
New squid packages available

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.apache.org/info/security_bulletin_1.2.5.html

Source: CCN
Type: OSVDB ID: 5378
Squid FTP URL Special Character Handling Remote Overflow

Source: CCN
Type: OSVDB ID: 5742
WU-FTPD QUOTE PASV Forced Core Dump Information Disclosure

Source: CCN
Type: BID-2601
Solaris FTP Core Dump Shadow Password Recovery Vulnerability

Source: CCN
Type: BID-3806
AFTPD Home Directory Change Core Dump Vulnerability

Source: CCN
Type: BID-4148
Squid Cache FTP Proxy URL Buffer Overflow Vulnerability

Source: CCN
Type: WU-FTPD Web site
WU-FTPD Development Group

Source: XF
Type: UNKNOWN
ftp-args(201)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:apache:http_server:*:*:*:*:*:*:*:* (Version <= 1.2.5)

Configuration CCN 1:
  • cpe:/a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:ibm:aix:*:*:*:*:*:*:*:*
  • OR cpe:/o:windriver:bsdos:*:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:*:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:*:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:*:*:*:*:*:*:*:*
  • OR cpe:/a:data_general:dg_ux:*:*:*:*:*:*:*:*
  • OR cpe:/o:sco:unix:*:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.3:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
Vulnerability Name: CVE-1999-1293 (CCN-7249)

Assigned: 1998-01-06
Published: 1998-01-06
Updated: 1998-01-06
Summary: Apache HTTP Server is vulnerable to a denial of service attack, caused by a vulnerability in the mod_proxy module. A remote attacker can send a specially-crafted FTP command to the FTP proxy part of mod_proxy to cause Apache to dump core and crash.
CVSS v3 Severity: 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): Low
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Partial
Integrity (I): None
Availability (A): Partial
Vulnerability Consequences: Denial of Service
References:
Source: CCN
Type: BugTraq Mailing List, Tue, 6 Jan 1998 16:12:36 -0700
Apache security advisory

Source: MITRE
Type: CNA
CVE-1999-1293

Source: CCN
Type: Apache FTP site
Index of /dist/httpd

Source: XF
Type: UNKNOWN
apache-mod-proxy-dos(7249)

Vulnerable Configuration:
Configuration CCN 1:
  • cpe:/a:apache:http_server:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:0.8.11:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:0.8.14:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.1.1:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable