CyberSec.Space Logo
Back to CVE Browser

CVE-1999-0146

HIGH
7.5
CVSS Severity Score
EPSS Score0.0870%
EPSS Percentile0.19th
PublishedJul 15, 1997
Last ModifiedApr 16, 2026

Vulnerability Description

The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file.

Affected Platforms (CPE)

πŸ“¦
Ncsa

Campas

All versions
πŸ“¦
Ncsa

Servers

All versions

References & Advisories

πŸ”— http://www.securityfocus.com/bid/1975
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/298
πŸ”— http://www.securityfocus.com/bid/1975
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/298

Related Vulnerabilities

CVE-1999-054810.0

A superfluous NFS server is running, but it is not importing or exporting any file systems.

CVE-1999-054710.0

An SSH server allows authentication through the .rhosts file.

CVE-1999-093510.0

classifieds.cgi allows remote attackers to execute arbitrary commands by specifying them in a hidden variable in a CGI form.

CVE-1999-055410.0

NFS exports system-critical data to the world, e.g. / or a password file.