CVE-1999-1053
published 1999-09-13CVE-1999-1053: guestbook.pl cleanses user-inserted SSI commands by removing text between "" separators, which allows remote attackers to execute arbitrary commands when…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
EXPLOIT
guestbook.pl cleanses user-inserted SSI commands by removing text between "" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | http_server | — | — |
| matt_wright | matt_wright_guestbook | — | — |