Description

IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.

Remediation

References

CVE-1999-0448

Related Vulnerabilities

Opencart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-20491)

WordPress Plugin WP-reCAPTCHA Cross-Site Scripting (3.1.3)

WordPress Plugin Digital River Global Commerce Supply Chain Attack [Polyfill.io] (2.0.2)

Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2017-12165)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-4300)

Severity

Medium

Classification

CVE-1999-0448

Tags

Missing Update Known Vulnerabilities