CVE-1999-1053

CVSS 2.0 Score 7.5 of 10 (high)

Details

Published Sep 13, 1999

Updated: Nov 20, 2024

Summary

CVE-1999-1053 is a vulnerability affecting the guestbook.pl script, which is used to manage guestbooks on Apache web servers. The issue arises because the script cleanses user-inputted Server Side Includes (SSI) commands by only removing text between the "-->" separators. Malicious actors can exploit this flaw to execute arbitrary commands, as Apache also accepts other closing sequences besides "-->". This vulnerability was identified in Apache 1.3.9 and potentially other versions.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apache Software Foundation Apache HTTP Server

Affected Vendors

Apache Software Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/LE7Qdp
https://www.cve.org/CVERecord?id=CVE-1999-1053
https://nvd.nist.gov/vuln/detail/CVE-1999-1053

Back to Vulnerability Database