Vulnerabilities > CVE-1999-0146 - Unspecified vulnerability in Ncsa Campas and Servers
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | NCSA httpd-campas 1.2 sample script Vulnerability. CVE-1999-0146. Remote exploit for cgi platform |
| id | EDB-ID:20423 |
| last seen | 2016-02-02 |
| modified | 1997-07-15 |
| published | 1997-07-15 |
| reporter | Francisco Torres |
| source | https://www.exploit-db.com/download/20423/ |
| title | NCSA httpd-campas 1.2 sample script Vulnerability |
Nessus
| NASL family | CGI abuses |
| NASL id | CAMPAS.NASL |
| description | The remote web server appears to be NCSA httpd. This version of the web server comes with a sample CGI script, campas, that fails to properly sanitize user input. This could allow a remote attacker to execute arbitrary commands with the privileges of the web server. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 10035 |
| published | 1999-06-22 |
| reporter | This script is Copyright (C) 1999-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/10035 |
| title | NCSA Campas cgi-bin Arbitrary Command Execution |