Lucene search

[email protected]CVE-1999-1155

HistoryNov 09, 1998 - 5:00 a.m.

CVE-1999-1155

1998-11-0905:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-1999-1155

lakeweb

mail list cgi

arbitrary command execution

shell metacharacters

nvd.

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.0%

JSON

LakeWeb Mail List CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address.

CPENameOperatorVersion
lakeweb:mail_list_cgi_scriptlakeweb mail list cgi scripteq*

CPE	Name	Operator	Version
lakeweb:mail_list_cgi_script	lakeweb mail list cgi script	eq	*

References

lakeweb.com/scripts/

www.securityfocus.com/archive/1/11175

exchange.xforce.ibmcloud.com/vulnerabilities/1400

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.0%

JSON