CVE-1999-0070

Apache HTTP Server < 1.3.0 - Directory Listing via test-cgi Program

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-1999-0070. PoCs published by @stake, HORKimhab.

AI-analyzed exploit summary The exploit describes a directory traversal vulnerability in NCSA HTTPd's test-cgi script due to improper handling of shell metacharacters, allowing remote attackers to obtain directory listings via crafted input.

Description

test-cgi program allows an attacker to list files on the server.

Exploits (2)

exploitdb WRITEUP VERIFIED
by @stake · textremotecgi
https://www.exploit-db.com/exploits/20435

The exploit describes a directory traversal vulnerability in NCSA HTTPd's test-cgi script due to improper handling of shell metacharacters, allowing remote attackers to obtain directory listings via crafted input.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: NCSA HTTPd (version not specified)
No auth needed
Prerequisites: NCSA HTTPd with test-cgi script accessible
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →
github STUB
by HORKimhab · shellpoc
https://github.com/HORKimhab/poc-cve-collection/tree/main/1999/0xxx/CVE-1999-0070.md

The repository contains a placeholder markdown file for CVE-1999-0070, describing an information leak vulnerability in the `test-cgi` program that allows attackers to list files on the server. However, no functional exploit code or technical details are provided.

Classification
Stub 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: test-cgi (common CGI script in early HTTP servers)
No auth needed
Prerequisites: Access to a vulnerable `test-cgi` script on a web server
mistral-large-3 · analyzed Jul 14, 2026 Full analysis →

References (1)

Core 1

Scores

EPSS 0.2958
EPSS Percentile 98.0%

Details

Status published
Products (1)
apache/http_server < 1.3.0
Published Apr 01, 1996
Tracked Since Feb 18, 2026