CVE-1999-0146

NCSA Web Server - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0146. PoCs published by Francisco Torres.

AI-analyzed exploit summary This exploit demonstrates a command injection vulnerability in the Campas CGI script (version 1.2) shipped with older NCSA HTTPd versions. The script fails to sanitize user input, allowing arbitrary command execution via %0a (linefeed) characters.

Description

The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Francisco Torres · textremotecgi
https://www.exploit-db.com/exploits/20423

This exploit demonstrates a command injection vulnerability in the Campas CGI script (version 1.2) shipped with older NCSA HTTPd versions. The script fails to sanitize user input, allowing arbitrary command execution via %0a (linefeed) characters.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: NCSA HTTPd (with Campas CGI script v1.2)
No auth needed
Prerequisites: Target running vulnerable NCSA HTTPd with Campas CGI script · Network access to the web server
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1975
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/298

Scores

EPSS 0.1466
EPSS Percentile 96.2%

Details

Status published
Products (2)
ncsa/campas
ncsa/servers
Published Jul 15, 1997
Tracked Since Feb 18, 2026