CVE-1999-1053

guestbook.pl cleanses user-inserted SSI commands by removing text between "" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".

Published: Sep 13, 1999
Updated: Apr 13, 2023
CVE: CVE-1999-1053
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
matt_wright / matt_wright_guestbook	2.3	2.3.x
apache / http_server	1.3.9	1.3.9.x

http://www.securityfocus.com/archive/1/33674
http://www.securityfocus.com/archive/82/27296
http://www.securityfocus.com/archive/82/27560
http://www.securityfocus.com/bid/776

Vulnerability Database

CVE-1999-1053