CVE-1999-0524
4.0 MEDIUMICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts
Published: 1997-08-01 · Last updated: 2026-05-28
Severity and scoring
- CVSS
- 4.0 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- CWE
- CWE-200
Affected products
| Vendor | Product |
|---|---|
| apple | aix, bsdos, hp-ux |
| cisco | aix, bsdos, hp-ux |
| hp | aix, bsdos, hp-ux |
| ibm | aix, bsdos, hp-ux |
| linux | aix, bsdos, hp-ux |
| microsoft | aix, bsdos, hp-ux |
| novell | aix, bsdos, hp-ux |
| oracle | aix, bsdos, hp-ux |
| sco | aix, bsdos, hp-ux |
| sgi | aix, bsdos, hp-ux |
| windriver | aix, bsdos, hp-ux |
Description
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-1999-0524
- [Other]http://descriptions.securescout.com/tc/11010
- [Other]http://descriptions.securescout.com/tc/11011
- [Other]http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- [Other]http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1434
- [Other]http://www.osvdb.org/95
- [Other]https://exchange.xforce.ibmcloud.com/vulnerabilities/306
- [Other]https://exchange.xforce.ibmcloud.com/vulnerabilities/322
- [Other]https://kc.mcafee.com/corporate/index?page=content&id=SB10053
- [Other]http://descriptions.securescout.com/tc/11010
- [Other]http://descriptions.securescout.com/tc/11011
- [Other]http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- [Other]http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1434
- [Other]http://www.osvdb.org/95
- [Other]https://exchange.xforce.ibmcloud.com/vulnerabilities/306
- [Other]https://exchange.xforce.ibmcloud.com/vulnerabilities/322
- [Other]https://kc.mcafee.com/corporate/index?page=content&id=SB10053
- [Other]https://support.f5.com/csp/article/K15277
Related CVEs
Same vendor
- CVE-2026-20262 — A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to... (6.5 MEDIUM)
- CVE-2026-4870 — IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontr... (7.5 HIGH)
- CVE-2025-46315 — A permissions issue was addressed with additional restrictions (7.5 HIGH)
- CVE-2025-46313 — A logging issue was addressed with improved data redaction (5.5 MEDIUM)
- CVE-2025-46308 — An authorization issue was addressed with improved state management (5.3 MEDIUM)
Same CWE
- CVE-2026-12117 — Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to ...
- CVE-2026-12320 — Information disclosure in the Password Manager component (4.3 MEDIUM)
- CVE-2026-12311 — Information disclosure, sandbox escape in the Security: Process Sandboxing component (4.7 MEDIUM)
- CVE-2026-50870 — An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensi... (7.5 HIGH)
- CVE-2026-39007 — An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export ... (7.5 HIGH)