ID
VAR-E-199604-0003
CVE
cve_id: | CVE-1999-0070 | Trust: 1.6 |
EDB ID
20435
TITLE
Apache 0.8.x/1.0.x / NCSA HTTPd 1.x - 'test-cgi' Directory Listing - CGI remote Exploit
Trust: 0.6
DESCRIPTION
Apache 0.8.x/1.0.x / NCSA HTTPd 1.x - 'test-cgi' Directory Listing. CVE-1999-0070CVE-55371 . remote exploit for CGI platform
Trust: 0.6
AFFECTED PRODUCTS
vendor: | apache | model: | ncsa httpd | scope: | eq | version: | 0.8.x/1.0.x/1.x | Trust: 1.0 |
vendor: | ncsa | model: | httpd a | scope: | eq | version: | 1.5.2 | Trust: 0.6 |
vendor: | ncsa | model: | httpd | scope: | eq | version: | 1.5.2 | Trust: 0.6 |
vendor: | ncsa | model: | httpd | scope: | eq | version: | 1.5.1 | Trust: 0.6 |
vendor: | ncsa | model: | httpd a-export | scope: | eq | version: | 1.5 | Trust: 0.6 |
vendor: | ncsa | model: | httpd | scope: | eq | version: | 1.4.2 | Trust: 0.6 |
vendor: | ncsa | model: | httpd | scope: | eq | version: | 1.4.1 | Trust: 0.6 |
vendor: | ncsa | model: | httpd | scope: | eq | version: | 1.4 | Trust: 0.6 |
vendor: | ncsa | model: | httpd | scope: | eq | version: | 1.3 | Trust: 0.6 |
vendor: | apache | model: | apache | scope: | eq | version: | 1.0.5 | Trust: 0.6 |
vendor: | apache | model: | apache | scope: | eq | version: | 1.0.3 | Trust: 0.6 |
vendor: | apache | model: | apache | scope: | eq | version: | 1.0.2 | Trust: 0.6 |
vendor: | apache | model: | apache | scope: | eq | version: | 1.0 | Trust: 0.6 |
vendor: | apache | model: | apache | scope: | eq | version: | 0.8.14 | Trust: 0.6 |
vendor: | apache | model: | apache | scope: | eq | version: | 0.8.11 | Trust: 0.6 |
vendor: | apache | model: | & ncsa httpd | scope: | eq | version: | 0.8.x/1.0.x1.x | Trust: 0.6 |
vendor: | netscape | model: | enterprise server a | scope: | eq | version: | 2.0 | Trust: 0.3 |
vendor: | netscape | model: | communications server | scope: | eq | version: | 1.12 | Trust: 0.3 |
vendor: | netscape | model: | communications server | scope: | eq | version: | 1.1 | Trust: 0.3 |
vendor: | netscape | model: | commerce server | scope: | eq | version: | 1.12 | Trust: 0.3 |
vendor: | apache | model: | apache | scope: | eq | version: | 1.1 | Trust: 0.3 |
vendor: | apache | model: | apache | scope: | ne | version: | 1.1.1 | Trust: 0.3 |
EXPLOIT
source: https://www.securityfocus.com/bid/2003/info
NCSA HTTPd and comes with a CGI sample shell script, test-cgi, located by default in /cgi-bin. This script does not properly enclose an "ECHO" command in quotes, and as a result "shell expansion" of the * character can occur under some configurations. This allows a remote attacker to obtain file listings, by passing *, /*, /usr/* etc., as variables. The ECHO command expands the * to give a directory listing of the specified directory. This could be used to gain information to facilitate future attacks. This is identical to a problem with another sample script, nph-test-cgi. See references.
http://target/cgi-bin/test-cgi?/*
http://target/cgi-bin/test-cgi?*
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
'test-cgi' Directory Listing
Trust: 1.0
CREDITS
@stake
Trust: 0.6
EXTERNAL IDS
db: | BID | id: | 2003 | Trust: 1.9 |
db: | NVD | id: | CVE-1999-0070 | Trust: 1.6 |
db: | EXPLOIT-DB | id: | 20435 | Trust: 1.6 |
db: | BID | id: | 686 | Trust: 0.6 |
db: | EDBNET | id: | 42585 | Trust: 0.6 |
REFERENCES
url: | https://nvd.nist.gov/vuln/detail/cve-1999-0070 | Trust: 1.6 |
url: | https://www.securityfocus.com/bid/2003/info | Trust: 1.0 |
url: | https://www.exploit-db.com/exploits/20435/ | Trust: 0.6 |
url: | http://www.securityfocus.com/bid/686 | Trust: 0.3 |
SOURCES
db: | BID | id: | 2003 |
db: | BID | id: | 686 |
db: | EXPLOIT-DB | id: | 20435 |
db: | EDBNET | id: | 42585 |
LAST UPDATE DATE
2022-07-27T09:37:13.009000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 2003 | date: | 1996-04-01T00:00:00 |
db: | BID | id: | 686 | date: | 1996-12-10T00:00:00 |
SOURCES RELEASE DATE
db: | BID | id: | 2003 | date: | 1996-04-01T00:00:00 |
db: | BID | id: | 686 | date: | 1996-12-10T00:00:00 |
db: | EXPLOIT-DB | id: | 20435 | date: | 1996-04-01T00:00:00 |
db: | EDBNET | id: | 42585 | date: | 1996-04-01T00:00:00 |