Unrated severityNVD Advisory· Published Sep 13, 1999· Updated Apr 16, 2026

CVE-1999-1053

Description

guestbook.pl cleanses user-inserted SSI commands by removing text between "" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".

Affected products

Apache/HTTP Server
cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*
Matt Wright/Matt Wright Guestbook
cpe:2.3:a:matt_wright:matt_wright_guestbook:2.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/archive/82/27296nvdExploitVendor Advisory
www.securityfocus.com/bid/776nvdExploitPatchVendor Advisory
www.securityfocus.com/archive/1/33674nvdVendor Advisory
www.securityfocus.com/archive/82/27560nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.073
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000