CVE-1999-1053

guestbook.pl cleanses user-inserted SSI commands by removing text between "" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/archive/82/27296	Exploit Vendor Advisory
http://www.securityfocus.com/archive/82/27560	Vendor Advisory
http://www.securityfocus.com/archive/1/33674	Vendor Advisory
http://www.securityfocus.com/bid/776	Exploit Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:http_server:1.3.9:::::::*
	cpe:2.3:a:matt_wright:matt_wright_guestbook:2.3:::::::*

Information

Published : 1999-09-12 21:00

Updated : 2008-09-05 13:18

NVD link : CVE-1999-1053

Mitre link : CVE-1999-1053

JSON object : View

CWE

NVD-CWE-Other

Products Affected

apache

http_server

matt_wright

matt_wright_guestbook

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/archive/82/27296", "name": "19990913 Guestbook perl script (long)", "tags": ["Exploit", "Vendor Advisory"], "refsource": "VULN-DEV"}, {"url": "http://www.securityfocus.com/archive/82/27560", "name": "19990916 Re: Guestbook perl script (error fix)", "tags": ["Vendor Advisory"], "refsource": "VULN-DEV"}, {"url": "http://www.securityfocus.com/archive/1/33674", "name": "19991105 Guestbook.pl, sloppy SSI handling in Apache? (VD#2)", "tags": ["Vendor Advisory"], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/bid/776", "name": "776", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "guestbook.pl cleanses user-inserted SSI commands by removing text between \"\" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides \"-->\"."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-1999-1053", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "1999-09-13T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_wright:matt_wright_guestbook:2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-09-05T20:18Z"}

7.5 /10