Security Advisory

CVE-1999-1053

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2001-09-12 04:00:00
Last updated 2024-08-01 16:55:29
Assigner mitre
State PUBLISHED

Description

guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".

← Browse all CVEs View on cve.org ↗