" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".">

CVEMON

CVE SEARCH UTILITY|


Follow Star Issues

CVE-1999-1053

guestbook.pl cleanses user-inserted SSI commands by removing text between "" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".