Exploitation Summary
EIP tracks 1 public exploit for CVE-1999-0045. PoCs published by Josh Richards.
AI-analyzed exploit summary The exploit describes a vulnerability in the nph-test-cgi script, which allows remote users to browse the filesystem due to improper handling of shell expansion in the 'echo' command. This is an information leakage issue rather than a direct code execution vulnerability.
Description
List of arbitrary files on Web host via nph-test-cgi script.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Josh Richards · textdosmultiple
https://www.exploit-db.com/exploits/19536
The exploit describes a vulnerability in the nph-test-cgi script, which allows remote users to browse the filesystem due to improper handling of shell expansion in the 'echo' command. This is an information leakage issue rather than a direct code execution vulnerability.
Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
Apache <= 1.1, NCSA httpd <= 1.5.2, Netscape Commerce Server 1.12/Communications Server 1.1/Enterprise Server 2.0
No auth needed
Prerequisites:
Access to the target web server's nph-test-cgi script
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026
Full analysis →
References (1)
Core 1
Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0045
Scores
EPSS
0.2616
EPSS Percentile
97.7%
Details
Status
published
Products (11)
apache/http_server
0.8.11
apache/http_server
0.8.14
apache/http_server
1.0
apache/http_server
1.0.2
apache/http_server
1.0.3
apache/http_server
1.0.5
apache/http_server
1.1
netscape/commerce_server
1.12
netscape/communications_server
1.1
netscape/communications_server
1.12
... and 1 more
Published
Dec 10, 1996
Tracked Since
Feb 18, 2026