CVE-1999-1127

Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://support.microsoft.com/support/kb/articles/Q195/7/33.asp	Broken Link Patch Vendor Advisory
http://www.iss.net/security_center/static/523.php	Broken Link
https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-017	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_nt:4.0:-:::enterprise:::*
	cpe:2.3:o:microsoft:windows_nt:4.0:-:::server:::*
	cpe:2.3:o:microsoft:windows_nt:4.0:-:::terminal_server:::*
	cpe:2.3:o:microsoft:windows_nt:4.0:-:::workstation:::*

History

08 Feb 2024, 20:35

Type	Values Removed	Values Added
CPE	cpe:2.3:o:microsoft:windows_nt:4.0:::::::*	cpe:2.3:o:microsoft:windows_nt:4.0:-:::terminal_server:::* cpe:2.3:o:microsoft:windows_nt:4.0:-:::server:::* cpe:2.3:o:microsoft:windows_nt:4.0:-:::enterprise:::* cpe:2.3:o:microsoft:windows_nt:4.0:-:::workstation:::*
References	~~() http://support.microsoft.com/support/kb/articles/Q195/7/33.asp - Patch, Vendor Advisory~~	() http://support.microsoft.com/support/kb/articles/Q195/7/33.asp - Broken Link, Patch, Vendor Advisory
References	~~() http://www.iss.net/security_center/static/523.php -~~	() http://www.iss.net/security_center/static/523.php - Broken Link
References	~~() https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-017 -~~	() https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-017 - Patch, Vendor Advisory
CWE	~~NVD-CWE-Other~~	CWE-772
CVSS	v2 : ~~5.0~~ v3 : ~~unknown~~	v2 : 5.0 v3 : 7.5

Information

Published : 1999-12-31 05:00

Updated : 2024-02-08 20:35

NVD link : CVE-1999-1127

Mitre link : CVE-1999-1127

CVE.ORG link : CVE-1999-1127

JSON object : View

Products Affected

microsoft

windows_nt

CWE

CWE-772

Missing Release of Resource after Effective Lifetime

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-1999-1127

7.5^/10

5.0^/10

Attach tags to `CVE-1999-1127`