← back
CVE-1999-1053

CVE-1999-1053

EPSS 85.2%
guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
Affected products
n/a · n/a
public PoCs found3
githubgithub.com/siunam321/CVE-1999-1053-PoC1exploitdbwww.exploit-db.com/exploits/16914unverifiedexploitdbwww.exploit-db.com/exploits/9907unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://www.securityfocus.com/archive/1/33674http://www.securityfocus.com/archive/82/27296http://www.securityfocus.com/archive/82/27560http://www.securityfocus.com/bid/776