Unrated severityNVD Advisory· Published Jul 15, 1997· Updated Apr 16, 2026

CVE-1999-0146

Description

The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file.

Affected products

Ncsa/Campas
cpe:2.3:a:ncsa:campas:*:*:*:*:*:*:*:*
Ncsa/Servers
cpe:2.3:a:ncsa:servers:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/1975nvd
exchange.xforce.ibmcloud.com/vulnerabilities/298nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.010
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000