Back to search
CVE-1999-1537
Published: Sep 1, 2004
Modified: Aug 1, 2024
PUBLISHED
Description
IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
19990707 SSL and IIS.
mailing-list
x_refsource_NTBUGTRAQ
521
vdb-entry
x_refsource_BID
ssl-iis-dos(2352)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now