CVE-1999-1072

CVSS 2.0 Score 7.2 of 10 (high)

Details

Published Nov 30, 1998

Updated: Nov 20, 2024

Summary

CVE-1999-1072 is a vulnerability affecting Excite for Web Servers (EWS) version 1.1. An attacker can locally access the encrypted password from the world-readable Architext.conf file. By obtaining the encrypted password, an attacker can replay it in an HTTP request to either AT-generated.cgi or AT-admin.cgi, thereby gaining privileges on the affected system. This issue can lead to serious security consequences if not addressed promptly. Users of EWS 1.1 are advised to upgrade to a patched version or to take measures to secure the Architext.conf file.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Excite Japan Co.,Ltd.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/NWlMhy
https://www.cve.org/CVERecord?id=CVE-1999-1072
https://nvd.nist.gov/vuln/detail/CVE-1999-1072

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Stimmen aus Moskau: Russian Influence Operations Target German Elections

2024 Malicious Infrastructure Report

2024 Annual Report

Know What Matters

For Customers

For Partners

CVE-1999-1072

CVSS 2.0 Score 7.2 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations