Skip to content

Commit ab73bc9

Browse files
committed
add: AVE-1999-1003
1 parent 0b28234 commit ab73bc9

1 file changed

Lines changed: 37 additions & 0 deletions

File tree

vulns/1999/AVE-1999-1003.toml

Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
[basic]
2+
description = "O'Reilly WebSite 1.1e 及 Website Pro 2.0 存在命令注入漏洞,远程攻击者可通过向 args.cmd 或 args.bat 参数传递 shell 元字符(如管道符、分号等)执行任意系统命令。由于服务器未对用户输入做有效过滤,攻击者无需身份认证即可利用,危害较大。该漏洞影响 O'Reilly 系列 Web 服务器产品。"
3+
published = "1999-02-16T05:00:00.000"
4+
remediation = "O'Reilly WebSite 1.1e/Website Pro 2.0 已停止维护,官方不再发布安全更新。建议立即迁移至受支持的 Web 服务器(如 Apache HTTP Server、Nginx),并彻底停止使用旧版软件。如无法立即迁移,可在 Web 服务器前端部署 WAF 规则拦截包含 shell 元字符(如 `;`、`|`、`&`、反引号)的请求,并对 `args.cmd`、`args.bat` 参数输入进行严格白名单过滤。"
5+
score = 5
6+
severity = "MEDIUM"
7+
sources = ["cve"]
8+
title = "O'Reilly WebSite 远程命令执行漏洞"
9+
updated = "2026-06-16T21:49:53.360"
10+
11+
[exploit]
12+
exp_urls = []
13+
poc_urls = []
14+
15+
[id]
16+
aliases = ["CVE-1999-1180"]
17+
ave_id = "AVE-1999-1003"
18+
19+
[meta]
20+
collected_at = "2026-07-14T00:00:00Z"
21+
status = "completed"
22+
23+
[references]
24+
urls = [
25+
"http://oliver.efri.hr/~crv/security/bugs/NT/buffer.html",
26+
"http://www.tryc.on.ca/archives/bugtraq/1999_1/0612.html",
27+
"https://github.com/CVEProject/cvelistV5/blob/b8581edcbd9fb1606112c43470d0a7cb92a751f8/cves/1999/1xxx/CVE-1999-1180.json",
28+
"https://github.com/LiuCan01/cve-list-pro/blob/78b55511cee3604c22d518e32822f0435d0cacc0/cve-list/CVE-1999/CVE-1999-1180",
29+
"https://github.com/yarencheng/cve-devops-playground/blob/9074597bd191efd66c2a6bf1f5d8e60bc4801a90/content/CVE-1999-1180.md",
30+
"https://github.com/Patrowl/PatrowlHearsData/blob/f6ced4f7862026f4207c9708deb4edf129c83fc5/CVE/data/1999/CVE-1999-1180.json",
31+
"https://github.com/rhuitl/uClinux/blob/0486e80a025dccbe4a2213715a2ab8a5063ea86b/user/nessus/nessus-plugins/scripts/args_bat.nasl",
32+
"https://github.com/github/advisory-database/blob/25a429f7c036c8b0416069b51c2af695a6b890c2/advisories/unreviewed/2022/04/GHSA-q697-gcxw-q87j/GHSA-q697-gcxw-q87j.json",
33+
"https://github.com/SpeeDr00t/speedr00t.github.com/blob/0380f0c2190556fabe90257cb6c0034a42f68951/securityfocus/0x89000/88632/info.html",
34+
"https://github.com/nomi-sec/NVD-Database/blob/23dc120c34402aaa65883c51c1d03b3cb02c20cb/1999/CVE-1999-1180.json",
35+
"https://github.com/leego972/titanai/blob/afa5b2310463aae5781d3fd9408071bf38e79806/data/raw/corpus_D_cyber/nvd_cve_000527.txt",
36+
"https://github.com/blackhook/nessus-plugins/blob/64177d96abbb07c58cf7e131046b067ebc61fcb5/A/args_bat.nasl",
37+
]

0 commit comments

Comments
 (0)