Description

guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".

Remediation

References

CVE-1999-1053

Related Vulnerabilities

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5264)

Drupal Other Vulnerability (CVE-2006-4120)

WordPress Plugin Tabs-Responsive Tabs with WooCommerce Product Tab Extension Security Bypass (3.6.0)

PHP-Fusion Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-5335)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.13)

Severity

High

Classification

CVE-1999-1053

Tags

Missing Update Known Vulnerabilities