CVE-1999-0107

Apache HTTP Server - Denial of Service via Excessive Slash Characters in GET Requests

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0107. PoCs published by Michal Zalewski.

AI-analyzed exploit summary The provided text describes a denial of service vulnerability in Apache Web Server 1.2 and earlier versions. The attack involves sending a malformed GET request with an excessive number of '/' characters, causing high CPU usage and requiring a service restart.

Description

Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Michal Zalewski · textdosmultiple

https://www.exploit-db.com/exploits/20558

View Code ZIP pw:eip

The provided text describes a denial of service vulnerability in Apache Web Server 1.2 and earlier versions. The attack involves sending a malformed GET request with an excessive number of '/' characters, causing high CPU usage and requiring a service restart.

Classification

Writeup 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Apache Web Server 1.2 and previous versions

No auth needed

Prerequisites: Network access to the target Apache server

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry x_refsource_misc

https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0107

Scores

EPSS 0.1994

EPSS Percentile 97.1%

Details

Status published

Products (9)

apache/http_server 0.8.11

apache/http_server 0.8.14

apache/http_server 1.0

apache/http_server 1.0.2

apache/http_server 1.0.3

apache/http_server 1.0.5

apache/http_server 1.1

apache/http_server 1.1.1

apache/http_server 1.2.5

Published Dec 30, 1997

Tracked Since Feb 18, 2026