|
| 1 | +[basic] |
| 2 | +description = "O'Reilly WebSite 1.1e 及 Website Pro 2.0 存在命令注入漏洞,远程攻击者可通过向 args.cmd 或 args.bat 参数传递 shell 元字符(如管道符、分号等)执行任意系统命令。由于服务器未对用户输入做有效过滤,攻击者无需身份认证即可利用,危害较大。该漏洞影响 O'Reilly 系列 Web 服务器产品。" |
| 3 | +published = "1999-02-16T05:00:00.000" |
| 4 | +remediation = "O'Reilly WebSite 1.1e/Website Pro 2.0 已停止维护,官方不再发布安全更新。建议立即迁移至受支持的 Web 服务器(如 Apache HTTP Server、Nginx),并彻底停止使用旧版软件。如无法立即迁移,可在 Web 服务器前端部署 WAF 规则拦截包含 shell 元字符(如 `;`、`|`、`&`、反引号)的请求,并对 `args.cmd`、`args.bat` 参数输入进行严格白名单过滤。" |
| 5 | +score = 5 |
| 6 | +severity = "MEDIUM" |
| 7 | +sources = ["cve"] |
| 8 | +title = "O'Reilly WebSite 远程命令执行漏洞" |
| 9 | +updated = "2026-06-16T21:49:53.360" |
| 10 | + |
| 11 | +[exploit] |
| 12 | +exp_urls = [] |
| 13 | +poc_urls = [] |
| 14 | + |
| 15 | +[id] |
| 16 | +aliases = ["CVE-1999-1180"] |
| 17 | +ave_id = "AVE-1999-1003" |
| 18 | + |
| 19 | +[meta] |
| 20 | +collected_at = "2026-07-14T00:00:00Z" |
| 21 | +status = "completed" |
| 22 | + |
| 23 | +[references] |
| 24 | +urls = [ |
| 25 | + "http://oliver.efri.hr/~crv/security/bugs/NT/buffer.html", |
| 26 | + "http://www.tryc.on.ca/archives/bugtraq/1999_1/0612.html", |
| 27 | + "https://github.com/CVEProject/cvelistV5/blob/b8581edcbd9fb1606112c43470d0a7cb92a751f8/cves/1999/1xxx/CVE-1999-1180.json", |
| 28 | + "https://github.com/LiuCan01/cve-list-pro/blob/78b55511cee3604c22d518e32822f0435d0cacc0/cve-list/CVE-1999/CVE-1999-1180", |
| 29 | + "https://github.com/yarencheng/cve-devops-playground/blob/9074597bd191efd66c2a6bf1f5d8e60bc4801a90/content/CVE-1999-1180.md", |
| 30 | + "https://github.com/Patrowl/PatrowlHearsData/blob/f6ced4f7862026f4207c9708deb4edf129c83fc5/CVE/data/1999/CVE-1999-1180.json", |
| 31 | + "https://github.com/rhuitl/uClinux/blob/0486e80a025dccbe4a2213715a2ab8a5063ea86b/user/nessus/nessus-plugins/scripts/args_bat.nasl", |
| 32 | + "https://github.com/github/advisory-database/blob/25a429f7c036c8b0416069b51c2af695a6b890c2/advisories/unreviewed/2022/04/GHSA-q697-gcxw-q87j/GHSA-q697-gcxw-q87j.json", |
| 33 | + "https://github.com/SpeeDr00t/speedr00t.github.com/blob/0380f0c2190556fabe90257cb6c0034a42f68951/securityfocus/0x89000/88632/info.html", |
| 34 | + "https://github.com/nomi-sec/NVD-Database/blob/23dc120c34402aaa65883c51c1d03b3cb02c20cb/1999/CVE-1999-1180.json", |
| 35 | + "https://github.com/leego972/titanai/blob/afa5b2310463aae5781d3fd9408071bf38e79806/data/raw/corpus_D_cyber/nvd_cve_000527.txt", |
| 36 | + "https://github.com/blackhook/nessus-plugins/blob/64177d96abbb07c58cf7e131046b067ebc61fcb5/A/args_bat.nasl", |
| 37 | +] |
0 commit comments