CVE-1999-0045

Web host < unknown - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0045. PoCs published by Josh Richards.

AI-analyzed exploit summary The exploit describes a vulnerability in the nph-test-cgi script, which allows remote users to browse the filesystem due to improper handling of shell expansion in the 'echo' command. This is an information leakage issue rather than a direct code execution vulnerability.

Description

List of arbitrary files on Web host via nph-test-cgi script.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Josh Richards · textdosmultiple
https://www.exploit-db.com/exploits/19536

The exploit describes a vulnerability in the nph-test-cgi script, which allows remote users to browse the filesystem due to improper handling of shell expansion in the 'echo' command. This is an information leakage issue rather than a direct code execution vulnerability.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Apache <= 1.1, NCSA httpd <= 1.5.2, Netscape Commerce Server 1.12/Communications Server 1.1/Enterprise Server 2.0
No auth needed
Prerequisites: Access to the target web server's nph-test-cgi script
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0045

Scores

EPSS 0.2616
EPSS Percentile 97.7%

Details

Status published
Products (11)
apache/http_server 0.8.11
apache/http_server 0.8.14
apache/http_server 1.0
apache/http_server 1.0.2
apache/http_server 1.0.3
apache/http_server 1.0.5
apache/http_server 1.1
netscape/commerce_server 1.12
netscape/communications_server 1.1
netscape/communications_server 1.12
... and 1 more
Published Dec 10, 1996
Tracked Since Feb 18, 2026