{ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-1999-1053", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "n/a", "version" : { "version_data" : [ { "version_value" : "n/a" } ] } } ] }, "vendor_name" : "n/a" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "guestbook.pl cleanses user-inserted SSI commands by removing text between \"\" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides \"-->\"." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "n/a" } ] } ] }, "references" : { "reference_data" : [ { "name" : "19990913 Guestbook perl script (long)", "refsource" : "VULN-DEV", "url" : "http://www.securityfocus.com/archive/82/27296" }, { "name" : "19990916 Re: Guestbook perl script (error fix)", "refsource" : "VULN-DEV", "url" : "http://www.securityfocus.com/archive/82/27560" }, { "name" : "19991105 Guestbook.pl, sloppy SSI handling in Apache? (VD#2)", "refsource" : "BUGTRAQ", "url" : "http://www.securityfocus.com/archive/1/33674" }, { "name" : "776", "refsource" : "BID", "url" : "http://www.securityfocus.com/bid/776" } ] } }