Back

CVE-1999-1417

Format string vulnerability in AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via encoded % characters in an HTTP request, which is improperly logged.

Published: Aug 23, 1998 Modified: Apr 16, 2026

CVSS Metrics

Affected Products (1)

Vendor	Product	Version
inso	answerbook2	*

GitHub Security Advisory GHSA-89rj-v9gf-rwhm

Format string vulnerability in AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers...

References (4)

http://www.securityfocus.com/archive/1/10383 Vendor Advisory
http://www.securityfocus.com/bid/253
http://www.securityfocus.com/archive/1/10383 Vendor Advisory
http://www.securityfocus.com/bid/253

Risk Scores

CVSS Score 7.5 / 10

EPSS Score 1.13%

Top 21% most likely to be exploited

Threat Score 30.3 / 100

Data Sources

NVD EPSS GitHub