Phase:The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a remote attacker to read arbitrary files using the "template" parameter.
ReferencesNTBUGTRAQ:Friday, April 09, 1999 Webcom's CGI Guestbook for Win32 web servers | XF:http-cgi-webcom-guestbook
Votes:Modified (Thursday, January 06, 2000-01)
Comments: ACCEPT(4) Landfield, Frech, Ozancin, Blake | NOOP(3) Baker, Christey, Northcutt
F7: Christey> CVE-1999-0287 is probably a duplicate of CVE-1999-0467. In | NTBUGTRAQ:19990409 Webcom's CGI Guestbook for Win32 web servers | Mnemonix says that he had previously reported on a similar | problem. Let's refer to the NTBugtraq posting as | CVE-1999-0467. We will refer to the "previous report" as | CVE-1999-0287, which can be found at: | http://oliver.efri.hr/~crv/security/bugs/NT/httpd41.html | | 0287 describes an exploit via the "template" hidden variable. | The exploit describes manually editing the HTML form to | change the filename to read from the template variable. | | The exploit as described in 0467 encodes the template variable | directly into the URL. However, hidden variables are also | encoded into the URL, which would have looked the same to | the web server regardless of the exploit. Therefore 0287 | and 0467 are the same. | Christey> | The CD:SF-EXEC content decision also applies here. We have 2 | programs, wguest.exe and rguest.exe, which appear to have the | same problem. CD:SF-EXEC needs to be accepted by the Editorial | Board before this candidate can be converted into a CVE | entry. When finalized, CD:SF-EXEC will decide whether | this candidate should be split or not. | Christey> BID:2024