CVE-1999-0146
First published: Tue Jul 15 1997(Updated: )
The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NCSA CAMPAS | ||
| NCSA HTTPd |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-1999-0146?
CVE-1999-0146 has a high severity rating due to the potential for remote command execution.
How do I fix CVE-1999-0146?
To fix CVE-1999-0146, it is recommended to remove or restrict access to the campas CGI program on affected NCSA web servers.
What systems are affected by CVE-1999-0146?
CVE-1999-0146 affects certain versions of the NCSA CAMPAS CGI program and NCSA HTTPd web server.
What type of attack is associated with CVE-1999-0146?
CVE-1999-0146 is associated with remote command execution attacks through the manipulation of HTTP query strings.
Is CVE-1999-0146 still a relevant threat today?
While CVE-1999-0146 is an older vulnerability, any systems still using affected software may remain at risk.
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/description
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/nvd-index
- vendor/ncsa
- canonical/ncsa campas
- canonical/ncsa httpd