Vulnerability Details CVE-1999-1053
guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
Exploit prediction scoring system (EPSS) score
EPSS Score 0.88
EPSS Ranking 99.4%
CVSS Severity
CVSS v2 Score 7.5
References
- http://www.securityfocus.com/archive/1/33674
- http://www.securityfocus.com/archive/82/27296
- http://www.securityfocus.com/archive/82/27560
- http://www.securityfocus.com/bid/776
- http://www.securityfocus.com/archive/1/33674
- http://www.securityfocus.com/archive/82/27296
- http://www.securityfocus.com/archive/82/27560
- http://www.securityfocus.com/bid/776
Products affected by CVE-1999-1053
-
cpe:2.3:a:apache:http_server:1.3.9
-
cpe:2.3:a:matt_wright:matt_wright_guestbook:2.3