| VID |
21026 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The "campas" CGI program is installed in the relevant web server. This CGI has a security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon (root or nobody). The campas program is included as a sample CGI program in some older versions of the NCSA web server.
* References:
http://www.iss.net/security_center/static/298.php |
| Recommendation |
The campas CGI program is not required for the normal functioning of your web server and should be deleted. |
| Related URL |
CVE-1999-0146 (CVE) |
| Related URL |
1975 (SecurityFocus) |
| Related URL |
(ISS) |
|
