CVE-1999-1053

Apache Http — NVD-CWE-Other

EPSS 0.88552
  • Published: 1999-09-13T04:00:00.000
  • Last modified: 2025-04-03T01:03:51.193
  • Vendors: Apache, Matt Wright
  • Products: Http, Matt Wright Gue
  • CWE: NVD-CWE-Other

CVE-1999-1053 — guestbook.pl cleanses user-inserted SSI commands by removing text between "" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->". [Weakness: NVD-CWE-Other]

Related CVE by CWE

No closely related CVE found.

Risk snapshot

EPSS: n/a   |   KEV: not listed

Related CVE by CWE

No related CWE found.

Top CVE for Vendor

No items for this vendor.

Recently Exploited Similar Vulnerabilities

No recent KEV-listed items for this vendor/product.

guestbook.pl cleanses user-inserted SSI commands by removing text between “” separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides “–>”.

🧠 Explainer: What this vulnerability means

Summary: The issue in Http by Apache (CWE: unspecified) may enable attacks.

Impact: Systems could be compromised, leading to confidentiality, integrity, or availability loss.

Mitigation: Until patched, restrict exposure, enforce least privilege, and monitor for suspicious activity.

CWE: NVD-CWE-Other
Apache Matt Wright Http Matt Wright Gue