CVE-1999-0146 | Date: (C)1997-07-15 (M)2023-12-22 |
The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V2 Severity: |
CVSS Score : 7.5 |
Exploit Score: 10.0 |
Impact Score: 6.4 |
|
CVSS V2 Metrics: |
Access Vector: NETWORK |
Access Complexity: LOW |
Authentication: NONE |
Confidentiality: PARTIAL |
Integrity: PARTIAL |
Availability: PARTIAL |
| |