CVE-1999-1053 - Thru Canaan Dog

Description

guestbook.pl cleanses user-inserted SSI commands by removing text between <!–\ and -->\ separators which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions since Apache allows other closing sequences besides -->.

Reference

http://www.securityfocus.com/archive/82/27296 http://www.securityfocus.com/archive/82/27560 http://www.securityfocus.com/archive/1/33674 http://www.securityfocus.com/bid/776