Unrated severityNVD Advisory· Published Sep 13, 1999· Updated Jun 16, 2026
CVE-1999-1053
CVE-1999-1053
Description
guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:matt_wright:matt_wright_guestbook:2.3:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
4- www.securityfocus.com/archive/82/27296nvdExploitVendor Advisory
- www.securityfocus.com/bid/776nvdExploitPatchVendor Advisory
- www.securityfocus.com/archive/1/33674nvdVendor Advisory
- www.securityfocus.com/archive/82/27560nvdVendor Advisory
News mentions
0No linked articles in our index yet.