CVE-1999-1053

CVSS 2.0 Score 7.5 of 10 (high)

Details

Published Sep 13, 1999

Updated: Nov 20, 2024

Summary

CVE-1999-1053 is a vulnerability affecting the guestbook.pl script, which is used with Apache web servers. The issue arises from the script's flawed handling of SSI (Server Side Includes) commands. Instead of properly parsing these commands, the script removes text between the "" separators. Malicious users can exploit this vulnerability by inserting arbitrary commands within these separators, leading to potential execution of unintended code when the script is run on Apache 1.3.9 and possibly other versions. Apache's acceptance of alternative closing sequences for SSI commands might exacerbate the issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Apache Software Foundation Apache HTTP Server

Affected Vendors

Apache Software Foundation

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners