Exploitation Summary
EIP tracks 1 public exploit for CVE-1999-0236. PoCs published by anonymous.
AI-analyzed exploit summary The exploit describes a path traversal vulnerability in NSCA httpd and Apache Web Server where multiple forward slashes in a URL bypass ScriptAlias, allowing remote users to view CGI script source code instead of executing it.
Description
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by anonymous · textremotemultiple
https://www.exploit-db.com/exploits/20595
The exploit describes a path traversal vulnerability in NSCA httpd and Apache Web Server where multiple forward slashes in a URL bypass ScriptAlias, allowing remote users to view CGI script source code instead of executing it.
Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
NSCA httpd <= 1.5, Apache Web Server < 1.0
No auth needed
Prerequisites:
ScriptAlias directory defined under DocumentRoot · CGI scripts present in the targeted directory
MITRE ATT&CK
mistral-large-3 · analyzed Feb 18, 2026
Full analysis →
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0236
Scores
CVSS v3
7.5
EPSS
0.2579
EPSS Percentile
97.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
Status
published
Products (2)
apache/http_server
< 1.0
illinois/ncsa_httpd
Published
Jan 01, 1997
Tracked Since
Feb 18, 2026