|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-02-18 | |
| Rule Name: | Matt Wright guestbook.pl Arbitrary Command Execution Vulnerability (CVE-1999-1053) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | guestbook.pl cleanses user-inserted SSI commands by removing text between "" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->". | |
| Impact: | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | SecurityFocusBID:776 http://www.securityfocus.com/archive/1/33674 http://www.securityfocus.com/archive/82/27296 http://www.securityfocus.com/archive/82/27560 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: http://www.worldwidemart.com/scripts/readme/guestbook.shtml |