CVE-1999-0146 - The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary c

CVE-1999-0146

Summary

The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file.

References

http://www.securityfocus.com/bid/1975
https://exchange.xforce.ibmcloud.com/vulnerabilities/298

Vulnerable Configurations

cpe:2.3:a:ncsa:campas:*:*:*:*:*:*:*:*
cpe:2.3:a:ncsa:campas:*:*:*:*:*:*:*:*
cpe:2.3:a:ncsa:servers:*:*:*:*:*:*:*:*
cpe:2.3:a:ncsa:servers:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 03-05-2018 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	1975
bugtraq	19970715 Bug CGI campas
xf	http-cgi-campas(298)

Last major update

03-05-2018 - 01:29

Published

15-07-1997 - 04:00

Last modified

03-05-2018 - 01:29