Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-1999-1053
Last Modified 05 Sep 2008 04:18:36
Published 13 Sep 1999 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-1999-1053

Summary

guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".

Vulnerable Systems

Application

  • Apache Http Server 1.3.9

  • Matt Wright Guestbook 2.3


References

BID - 776

VULN-DEV - 19990916 Re: Guestbook perl script (error fix)

VULN-DEV - 19990913 Guestbook perl script (long)

BUGTRAQ - 19991105 Guestbook.pl, sloppy SSI handling in Apache? (VD#2)


Last Updated: 27 May 2016 10:35:15