CVE-1999-0149

IRIX - Directory Traversal via wrap CGI Program

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0149. PoCs published by J.A. Gutierrez.

AI-analyzed exploit summary The vulnerability in SGI Irix 6.2's 'wrap' CGI program allows directory traversal via a crafted URL, enabling remote attackers to view world-readable directory contents. This is an information leakage vulnerability due to lack of input validation.

Description

The wrap CGI program in IRIX allows remote attackers to view arbitrary directory listings via a .. (dot dot) attack.

Exploits (1)

exploitdb WRITEUP VERIFIED

by J.A. Gutierrez · textremotemultiple

https://www.exploit-db.com/exploits/19298

View Code ZIP pw:eip

The vulnerability in SGI Irix 6.2's 'wrap' CGI program allows directory traversal via a crafted URL, enabling remote attackers to view world-readable directory contents. This is an information leakage vulnerability due to lack of input validation.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: SGI Irix 6.2 (cgi-bin/wrap)

No auth needed

Prerequisites: Network access to the target server · Presence of the vulnerable 'wrap' CGI program

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Vendor Advisory vendor-advisory x_refsource_sgi

ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/247

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/373

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/290

Scores

EPSS 0.0275

EPSS Percentile 84.3%

Details

Status published

Products (1)

sgi/irix 6.2

Published Apr 19, 1997

Tracked Since Feb 18, 2026