CVE-1999-0236

HIGH

NCSA/Apache httpd - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0236. PoCs published by anonymous.

AI-analyzed exploit summary The exploit describes a path traversal vulnerability in NSCA httpd and Apache Web Server where multiple forward slashes in a URL bypass ScriptAlias, allowing remote users to view CGI script source code instead of executing it.

Description

ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.

Exploits (1)

exploitdb WRITEUP VERIFIED
by anonymous · textremotemultiple
https://www.exploit-db.com/exploits/20595

The exploit describes a path traversal vulnerability in NSCA httpd and Apache Web Server where multiple forward slashes in a URL bypass ScriptAlias, allowing remote users to view CGI script source code instead of executing it.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: NSCA httpd <= 1.5, Apache Web Server < 1.0
No auth needed
Prerequisites: ScriptAlias directory defined under DocumentRoot · CGI scripts present in the targeted directory
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 7.5
EPSS 0.2579
EPSS Percentile 97.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published
Products (2)
apache/http_server < 1.0
illinois/ncsa_httpd
Published Jan 01, 1997
Tracked Since Feb 18, 2026