CVE-1999-0861

Published: Aug 11, 1999Modified: Apr 16, 2026

2.6

Vector

AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability: 4.9 / Impact: 2.9

Source: NVD

Description

Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.

Affected (5)

Products: Microsoft: Commercial Internet System, Internet Information Server, Site Server, Site Server Commerce

4 products

Commercial Internet System

Internet Information Server

Site Server Commerce

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Microsoft Commercial Internet System	Version 2.0
Microsoft Commercial Internet System	Version 2.5
Microsoft Internet Information Server	Version 4.0
Microsoft Site Server	Version 3.0
Microsoft Site Server Commerce	Version 3.0

Related CWEs

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (4)

http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ244613

Source: cve@mitre.org

https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-053

Source: cve@mitre.org

http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ244613

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-053

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.