Details of VAR-E-199604-0003

ID

VAR-E-199604-0003

CVE

cve_id:

CVE-1999-0070

Trust: 1.6

sources: EXPLOIT-DB: 20435 // EDBNET: 42585

EDB ID

20435

TITLE

Apache 0.8.x/1.0.x / NCSA HTTPd 1.x - 'test-cgi' Directory Listing - CGI remote Exploit

Trust: 0.6

sources: EXPLOIT-DB: 20435

DESCRIPTION

Apache 0.8.x/1.0.x / NCSA HTTPd 1.x - 'test-cgi' Directory Listing. CVE-1999-0070CVE-55371 . remote exploit for CGI platform

Trust: 0.6

sources: EXPLOIT-DB: 20435

AFFECTED PRODUCTS

vendor:	apache	model:	ncsa httpd	scope:	eq	version:	0.8.x/1.0.x/1.x	Trust: 1.0
vendor:	ncsa	model:	httpd a	scope:	eq	version:	1.5.2	Trust: 0.6
vendor:	ncsa	model:	httpd	scope:	eq	version:	1.5.2	Trust: 0.6
vendor:	ncsa	model:	httpd	scope:	eq	version:	1.5.1	Trust: 0.6
vendor:	ncsa	model:	httpd a-export	scope:	eq	version:	1.5	Trust: 0.6
vendor:	ncsa	model:	httpd	scope:	eq	version:	1.4.2	Trust: 0.6
vendor:	ncsa	model:	httpd	scope:	eq	version:	1.4.1	Trust: 0.6
vendor:	ncsa	model:	httpd	scope:	eq	version:	1.4	Trust: 0.6
vendor:	ncsa	model:	httpd	scope:	eq	version:	1.3	Trust: 0.6
vendor:	apache	model:	apache	scope:	eq	version:	1.0.5	Trust: 0.6
vendor:	apache	model:	apache	scope:	eq	version:	1.0.3	Trust: 0.6
vendor:	apache	model:	apache	scope:	eq	version:	1.0.2	Trust: 0.6
vendor:	apache	model:	apache	scope:	eq	version:	1.0	Trust: 0.6
vendor:	apache	model:	apache	scope:	eq	version:	0.8.14	Trust: 0.6
vendor:	apache	model:	apache	scope:	eq	version:	0.8.11	Trust: 0.6
vendor:	apache	model:	& ncsa httpd	scope:	eq	version:	0.8.x/1.0.x1.x	Trust: 0.6
vendor:	netscape	model:	enterprise server a	scope:	eq	version:	2.0	Trust: 0.3
vendor:	netscape	model:	communications server	scope:	eq	version:	1.12	Trust: 0.3
vendor:	netscape	model:	communications server	scope:	eq	version:	1.1	Trust: 0.3
vendor:	netscape	model:	commerce server	scope:	eq	version:	1.12	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.1	Trust: 0.3
vendor:	apache	model:	apache	scope:	ne	version:	1.1.1	Trust: 0.3

sources: BID: 2003 // BID: 686 // EXPLOIT-DB: 20435 // EDBNET: 42585

EXPLOIT

source: https://www.securityfocus.com/bid/2003/info

NCSA HTTPd and comes with a CGI sample shell script, test-cgi, located by default in /cgi-bin. This script does not properly enclose an "ECHO" command in quotes, and as a result "shell expansion" of the * character can occur under some configurations. This allows a remote attacker to obtain file listings, by passing *, /*, /usr/* etc., as variables. The ECHO command expands the * to give a directory listing of the specified directory. This could be used to gain information to facilitate future attacks. This is identical to a problem with another sample script, nph-test-cgi. See references.

http://target/cgi-bin/test-cgi?/*
http://target/cgi-bin/test-cgi?*

Trust: 1.0

sources: EXPLOIT-DB: 20435

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 20435

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 20435

TYPE

'test-cgi' Directory Listing

Trust: 1.0

sources: EXPLOIT-DB: 20435

CREDITS

@stake

Trust: 0.6

sources: EXPLOIT-DB: 20435

EXTERNAL IDS

db:	BID	id:	2003	Trust: 1.9
db:	NVD	id:	CVE-1999-0070	Trust: 1.6
db:	EXPLOIT-DB	id:	20435	Trust: 1.6
db:	BID	id:	686	Trust: 0.6
db:	EDBNET	id:	42585	Trust: 0.6

sources: BID: 2003 // BID: 686 // EXPLOIT-DB: 20435 // EDBNET: 42585

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-1999-0070	Trust: 1.6
url:	https://www.securityfocus.com/bid/2003/info	Trust: 1.0
url:	https://www.exploit-db.com/exploits/20435/	Trust: 0.6
url:	http://www.securityfocus.com/bid/686	Trust: 0.3

sources: BID: 2003 // EXPLOIT-DB: 20435 // EDBNET: 42585

SOURCES

db:	BID	id:	2003
db:	BID	id:	686
db:	EXPLOIT-DB	id:	20435
db:	EDBNET	id:	42585

LAST UPDATE DATE

2022-07-27T09:37:13.009000+00:00

SOURCES UPDATE DATE

db:	BID	id:	2003	date:	1996-04-01T00:00:00
db:	BID	id:	686	date:	1996-12-10T00:00:00

SOURCES RELEASE DATE

db:	BID	id:	2003	date:	1996-04-01T00:00:00
db:	BID	id:	686	date:	1996-12-10T00:00:00
db:	EXPLOIT-DB	id:	20435	date:	1996-04-01T00:00:00
db:	EDBNET	id:	42585	date:	1996-04-01T00:00:00