ID
VAR-E-199604-0004
CVE
| cve_id: | CVE-1999-0045 | Trust: 1.6 |
EDB ID
19536
TITLE
Apache 1.1 / NCSA HTTPd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi - Multiple dos Exploit
Trust: 0.6
DESCRIPTION
Apache 1.1 / NCSA HTTPd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi. CVE-1999-0045CVE-128 . dos exploit for Multiple platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | apache | model: | ncsa httpd netscape server | scope: | eq | version: | 1.1/1.5.2/1.12/1.1/2.0 | Trust: 1.0 |
| vendor: | ncsa | model: | httpd a | scope: | eq | version: | 1.5.2 | Trust: 0.6 |
| vendor: | ncsa | model: | httpd | scope: | eq | version: | 1.5.2 | Trust: 0.6 |
| vendor: | ncsa | model: | httpd | scope: | eq | version: | 1.5.1 | Trust: 0.6 |
| vendor: | ncsa | model: | httpd a-export | scope: | eq | version: | 1.5 | Trust: 0.6 |
| vendor: | ncsa | model: | httpd | scope: | eq | version: | 1.4.2 | Trust: 0.6 |
| vendor: | ncsa | model: | httpd | scope: | eq | version: | 1.4.1 | Trust: 0.6 |
| vendor: | ncsa | model: | httpd | scope: | eq | version: | 1.4 | Trust: 0.6 |
| vendor: | ncsa | model: | httpd | scope: | eq | version: | 1.3 | Trust: 0.6 |
| vendor: | apache | model: | apache | scope: | eq | version: | 1.0.5 | Trust: 0.6 |
| vendor: | apache | model: | apache | scope: | eq | version: | 1.0.3 | Trust: 0.6 |
| vendor: | apache | model: | apache | scope: | eq | version: | 1.0.2 | Trust: 0.6 |
| vendor: | apache | model: | apache | scope: | eq | version: | 1.0 | Trust: 0.6 |
| vendor: | apache | model: | apache | scope: | eq | version: | 0.8.14 | Trust: 0.6 |
| vendor: | apache | model: | apache | scope: | eq | version: | 0.8.11 | Trust: 0.6 |
| vendor: | apache | model: | ncsa httpd netscape server | scope: | lte | version: | <=1.1/<=1.5.2/1.12/1.1/2.0 | Trust: 0.6 |
| vendor: | netscape | model: | enterprise server a | scope: | eq | version: | 2.0 | Trust: 0.3 |
| vendor: | netscape | model: | communications server | scope: | eq | version: | 1.12 | Trust: 0.3 |
| vendor: | netscape | model: | communications server | scope: | eq | version: | 1.1 | Trust: 0.3 |
| vendor: | netscape | model: | commerce server | scope: | eq | version: | 1.12 | Trust: 0.3 |
| vendor: | apache | model: | apache | scope: | eq | version: | 1.1 | Trust: 0.3 |
| vendor: | apache | model: | apache | scope: | ne | version: | 1.1.1 | Trust: 0.3 |
EXPLOIT
Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Commerce Server 1.12/Communications Server 1.1/Enterprise Server 2.0 a nph-test-cgi Vulnerability
source: https://www.securityfocus.com/bid/686/info
Description as given by Josh Richards:
A security hole exists in the nph-test-cgi script included in most UNIX based World Wide Web daemon distributions. The nph-* scripts exist to allow 'non-parsed headers' to be sent via the HTTP protocol (this is not the cause of this security problem, though). The problem is that nph-test-cgi, which prints out information on the current web environment (just like 'test-cgi' does) does not enclose its arguments to the 'echo' command inside of quotes....shell escapes are not possible (or at least I have not found them to be--yet) but shell *expansion* is.... This means that _any_ remote user can easily browse your filesystem via the WWW.
This is a bug with the nph-test-cgi script and _not_ the server itself.
Enter the URL: <http://yourwebserver.com/cgi-bin/nph-test-cgi?*>
Replace <yourwebserver.com> with the hostname of a server running a web
daemon near you.
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
a nph-test-cgi
Trust: 1.0
CREDITS
Josh Richards
Trust: 0.6
EXTERNAL IDS
| db: | BID | id: | 686 | Trust: 2.2 |
| db: | NVD | id: | CVE-1999-0045 | Trust: 1.6 |
| db: | EXPLOIT-DB | id: | 19536 | Trust: 1.6 |
| db: | EDBNET | id: | 41734 | Trust: 0.6 |
| db: | BID | id: | 2003 | Trust: 0.3 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-1999-0045 | Trust: 1.6 |
| url: | https://www.securityfocus.com/bid/686/info | Trust: 1.0 |
| url: | https://www.exploit-db.com/exploits/19536/ | Trust: 0.6 |
| url: | http://www.securityfocus.com/bid/686 | Trust: 0.3 |
SOURCES
| db: | BID | id: | 2003 |
| db: | BID | id: | 686 |
| db: | EXPLOIT-DB | id: | 19536 |
| db: | EDBNET | id: | 41734 |
LAST UPDATE DATE
2022-07-27T09:37:12.984000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 2003 | date: | 1996-04-01T00:00:00 |
| db: | BID | id: | 686 | date: | 1996-12-10T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 2003 | date: | 1996-04-01T00:00:00 |
| db: | BID | id: | 686 | date: | 1996-12-10T00:00:00 |
| db: | EXPLOIT-DB | id: | 19536 | date: | 1996-12-10T00:00:00 |
| db: | EDBNET | id: | 41734 | date: | 1996-12-10T00:00:00 |