Vulnerability in Microsoft Commercial_internet_system

CVE-1999-0861

Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.

Vulnerability class: Race Condition

EPSS: 0.032 (86.7th percentile) — read the EPSS interpretation.

Affected products

Microsoft Commercial_internet_system — versions 2.0, 2.5
Microsoft Internet_information_server — versions 4.0
Microsoft Site_server — versions 3.0
Microsoft Site_server_commerce — versions 3.0
N/a — versions n/a

Weakness classification (CWE)

CWE-362 — Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)

References

cve@mitre.org (vendor-advisory, x_refsource_MSKB)
cve@mitre.org (x_refsource_MS, vendor-advisory)