Lucene search

[email protected]CVE-1999-1053

HistorySep 12, 2001 - 4:00 a.m.

CVE-1999-1053

2001-09-1204:00:00

[email protected]

web.nvd.nist.gov

cve-1999-1053

guestbook.pl

ssi commands

apache 1.3.9

remote attack

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.944 High

EPSS

Percentile

99.2%

JSON

guestbook.pl cleanses user-inserted SSI commands by removing text between “” separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides “–>”.

Affected configurations

NVD

Node

apachehttp_serverMatch1.3.9

matt_wrightmatt_wright_guestbookMatch2.3

CPENameOperatorVersion
apache:http_serverapache http servereq1.3.9
matt_wright:matt_wright_guestbookmatt wright matt wright guestbookeq2.3

CPE	Name	Operator	Version
apache:http_server	apache http server	eq	1.3.9
matt_wright:matt_wright_guestbook	matt wright matt wright guestbook	eq	2.3

References

www.securityfocus.com/archive/1/33674

www.securityfocus.com/archive/82/27296

www.securityfocus.com/archive/82/27560

www.securityfocus.com/bid/776

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.944 High

EPSS

Percentile

99.2%

JSON

Related for CVE-1999-1053

cvelist1 nvd1 nessus1 packetstorm1 openvas1