CVE-1999-0526

EXPLOITED

X Server - Info Disclosure

Title source: llm

Description

An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server.

Exploits (3)

metasploit WORKING POC EXCELLENT

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/x11/x11_keyboard_exec.rb

View Code ZIP pw:eip

metasploit SCANNER

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/x11/open_x11.rb

View Code ZIP pw:eip

metasploit WORKING POC

by h00die, nir tzachar · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/x11_keyboard_spy.rb

View Code ZIP pw:eip

References (1)

[US Government Resource] http://www.kb.cert.org/vuls/id/704969

Scores

EPSS 0.7075

EPSS Percentile 98.7%

Exploitation Intel

VulnCheck KEV 2025-02-27

Classification

Status draft

Affected Products (1)

x.org/x11

Timeline

Published Jul 01, 1997

Tracked Since Feb 18, 2026