CVE-1999-1053 | Date: (C)1999-09-13 (M)2023-12-22 |
guestbook.pl cleanses user-inserted SSI commands by removing text between "" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V2 Severity: |
CVSS Score : 7.5 |
Exploit Score: 10.0 |
Impact Score: 6.4 |
|
CVSS V2 Metrics: |
Access Vector: NETWORK |
Access Complexity: LOW |
Authentication: NONE |
Confidentiality: PARTIAL |
Integrity: PARTIAL |
Availability: PARTIAL |
| |