CVE-1999-1053 Information

Description

guestbook.pl cleanses user-inserted SSI commands by removing text between !–\ and --\ separators which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions since Apache allows other closing sequences besides --.

Reference

http://www.securityfocus.com/archive/1/33674 http://www.securityfocus.com/archive/82/27296 http://www.securityfocus.com/archive/82/27560 http://www.securityfocus.com/bid/776