CVE-1999-1053 - CVE Details

Description

guestbook.pl cleanses user-inserted SSI commands by removing text between "" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".

Severity

Overall Severity: N/A

CVSS Metrics

Type	Score	Severity	Vector

Affected Products

apache - http_server

Affected Versions:

1.3.9

matt_wright - matt_wright_guestbook

Affected Versions:

References

http://www.securityfocus.com/archive/1/33674
Vendor Advisory
http://www.securityfocus.com/archive/82/27296
ExploitVendor Advisory
http://www.securityfocus.com/archive/82/27560
Vendor Advisory
http://www.securityfocus.com/bid/776
ExploitPatchVendor Advisory
http://www.securityfocus.com/archive/1/33674
Vendor Advisory
http://www.securityfocus.com/archive/82/27296
ExploitVendor Advisory
http://www.securityfocus.com/archive/82/27560
Vendor Advisory
http://www.securityfocus.com/bid/776
ExploitPatchVendor Advisory