CVE-2000-0299

Apple WebObjects Developer 4.5 - Denial of Service via Long HTTP Headers

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0299. PoCs published by Bruce Potter.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service vulnerability in Apple's WebObjects 4.5 Developer on Windows NT 4.0 SP5 with IIS 4.0. It crashes webobjects.exe by sending an HTTP request with an overly long header (over 4.1K).

Description

Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 package allows remote attackers to cause a denial of service via an HTTP request with long headers such as Accept.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Bruce Potter · textdoswindows
https://www.exploit-db.com/exploits/20379

This exploit demonstrates a denial-of-service vulnerability in Apple's WebObjects 4.5 Developer on Windows NT 4.0 SP5 with IIS 4.0. It crashes webobjects.exe by sending an HTTP request with an overly long header (over 4.1K).

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Apple WebObjects 4.5 Developer (Windows NT 4.0 SP5 with IIS 4.0)
No auth needed
Prerequisites: WebObjects 4.5 Developer running under a development license · IIS 4.0 on Windows NT 4.0 SP5
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-04/0020.html

Scores

EPSS 0.0524
EPSS Percentile 91.5%

Details

Status published
Products (1)
apple/webobjects 4.5
Published Apr 04, 2000
Tracked Since Feb 18, 2026