Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-1130 — Enterprise Server vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

7.0%

top 8.53%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Netscape Enterprise Server

Timeline

PublishedJul 30

Latest updateApr 30

Description

Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and possibly other versions, allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDnetscape/enterprise_server3.5.1

🔴Vulnerability Details

GHSA

GHSA-ghc8-6pj7-h897: Default configuration of the search engine in Netscape Enterprise Server 3↗2022-04-30

▶

CVEList

CVE-1999-1130: Default configuration of the search engine in Netscape Enterprise Server 3↗2001-09-12

▶

💥Exploits & PoCs

Exploit-DB

Netscape Enterprise Server 3.51/3.6 - JHTML View Source↗1999-07-30

▶