CVE-1999-1377

CVSS 2.0 Score 5 of 10 (medium)

Details

Published Sep 9, 1999

Updated: Nov 20, 2024

Summary

CVE-1999-1377 is a vulnerability affecting Matt Wright's download.cgi version 1.0. An attacker can exploit this issue by manipulating the 'f' parameter with a '..' (dot dot) input, allowing them to read arbitrary files on the affected system remotely. This vulnerability poses a significant risk to system security as it permits unauthorized access to sensitive information. Attackers may leverage this flaw to gain insights into the system configuration, potentially leading to more advanced attacks. System administrators are strongly advised to patch or upgrade affected installations as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/NWlUGd
https://www.cve.org/CVERecord?id=CVE-1999-1377
https://nvd.nist.gov/vuln/detail/CVE-1999-1377

Back to Vulnerability Database

CVE-1999-1377

CVSS 2.0 Score 5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations