LiveActive security incident?Get immediate response
CVE Record

CVE-1999-0640: The Gopher service is running.

The Gopher service is running.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysislow

Security readout for executives and security teams

Plain-English summary

This finding notes that a Gopher service is running on a system. Gopher is an obsolete internet protocol from the early 1990s that has been almost entirely replaced by the web. Running it today is unusual and generally indicates a legacy or misconfigured system. The record itself does not describe a specific software flaw, but the exposure of a rarely-used service raises questions about system hygiene.

Executive priority

Low priority. This is an informational finding about an outdated protocol, not a critical vulnerability. Treat it as a hygiene item: confirm whether the service is needed, and if not, retire it during normal maintenance windows.

Technical view

CVE-1999-0640 is an information/exposure entry indicating the Gopher service (typically TCP/70) is active on a host. No specific vendor, product, version, CWE, or CVSS score is assigned, and no patch is referenced. The entry functions as a "service running" observation used by scanners rather than a defined software vulnerability. Risk depends on the underlying Gopher daemon implementation and how it is configured.

Likely exposure

Exposure is limited to systems still running Gopher servers, which is rare in modern environments. Most likely locations are legacy Unix hosts, academic archives, hobbyist servers, or forgotten services on internal networks. Internet-exposed instances would be discoverable via port 70 scans.

Exploitation context

There is no evidence of active exploitation tied to this CVE, and it is not listed in CISA KEV. The record is a service-detection finding, not a weaponizable flaw. Any real risk would stem from vulnerabilities in the specific Gopher daemon implementation, not from this entry itself.

Researcher notes

The CVE record contains only a generic description with no vendor, product, CVSS, or CWE metadata. It behaves like a Nessus-style "service detection" plugin ID mapped into the early CVE list. Real risk analysis must pivot to the specific Gopher daemon (e.g., gopherd, PyGopherd) and its known CVEs. Absence of KEV listing and any exploitation reporting supports a low priority classification.

Mitigation direction

  • Disable the Gopher service if it is not required for a documented business purpose.
  • Restrict TCP/70 access at the firewall to trusted networks only.
  • If Gopher must remain, confirm the daemon is patched and vendor-supported.
  • Review the host for other legacy services that may indicate broader neglect.
  • Document any intentional Gopher deployments in the asset inventory.

Validation and detection

  • Scan the host for an open TCP/70 listener and confirm a Gopher banner.
  • Identify the specific Gopher daemon and version in use.
  • Cross-reference the daemon and version against current vulnerability databases.
  • Review firewall and access logs for external connections to port 70.
  • Confirm whether the service is intentionally deployed or a legacy artifact.
Prepared
Confidence
high
Sources
2

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-1999-0640 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
0Timeline events
0ADP providers
2Source links

CVSS and timeline data

No CVSS vectors or timeline events were available in the normalized CVE source material.

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.