Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-1053: Missing Documentation for Design in Apache Http Server

Severity: 7.5 HIGH (NVD)
EPSS: 90.7% (top 0.38%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Sep 13; latest update Apr 30

Description

guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages: 2 packages

Patches

Vulnerability Details (2)

GHSA: GHSA-7fhv-p5jq-2v6f: guestbook, 2022-04-30
CVEList: CVE-1999-1053: guestbook, 2001-09-12

Exploits & PoCs (2)

Exploit-DB: The Matt Wright Guestbook.pl - Arbitrary Command Execution (Metasploit), 2010-07-03
Exploit-DB: The Matt Wright Guestbook.pl 2.3.1 - Server-Side Include, 1999-11-05

Vendor Advisories (1)

Red Hat: glibc: manual/search.texi lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, 1999-11-09
CVE-1999-1053 — Missing Documentation for Design | cvebase