CVE-1999-1130

Netscape Enterprise Server <3.5.1 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-1130. PoCs published by David Litchfield.

AI-analyzed exploit summary The writeup describes an information disclosure vulnerability in Netscape Enterprise Server 3.51+ where crafted search queries can bypass default settings to expose full text of JHTML or scripted files. It provides example URLs demonstrating the exploit mechanism.

Description

Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and possibly other versions, allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file.

Exploits (1)

exploitdb WRITEUP VERIFIED

by David Litchfield · textremotemultiple

https://www.exploit-db.com/exploits/19443

View Code ZIP pw:eip

The writeup describes an information disclosure vulnerability in Netscape Enterprise Server 3.51+ where crafted search queries can bypass default settings to expose full text of JHTML or scripted files. It provides example URLs demonstrating the exploit mechanism.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Netscape Enterprise Server 3.51 and above

No auth needed

Prerequisites: Access to the target server's search functionality

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=93346448121208&w=2

Mailing List mailing-list x_refsource_ntbugtraq

http://marc.info/?l=ntbugtraq&m=93337389603117&w=2

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/559

Scores

EPSS 0.0306

EPSS Percentile 85.9%

Details

Status published

Products (1)

netscape/enterprise_server < 3.5.1

Published Jul 30, 1999

Tracked Since Feb 18, 2026