Vulners
Lucene search
Apache 1.1 / NCSA HTTPd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi
Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Commerce Server 1.12/Communications Server 1.1/Enterprise Server 2.0 a nph-test-cgi Vulnerability
source: https://www.securityfocus.com/bid/686/info
Description as given by Josh Richards:
A security hole exists in the nph-test-cgi script included in most UNIX based World Wide Web daemon distributions. The nph-* scripts exist to allow 'non-parsed headers' to be sent via the HTTP protocol (this is not the cause of this security problem, though). The problem is that nph-test-cgi, which prints out information on the current web environment (just like 'test-cgi' does) does not enclose its arguments to the 'echo' command inside of quotes....shell escapes are not possible (or at least I have not found them to be--yet) but shell *expansion* is.... This means that _any_ remote user can easily browse your filesystem via the WWW.
This is a bug with the nph-test-cgi script and _not_ the server itself.
Enter the URL: <http://yourwebserver.com/cgi-bin/nph-test-cgi?*>
Replace <yourwebserver.com> with the hostname of a server running a web
daemon near you. Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
10 Dec 1996 00:00Current
7High risk
Vulners AI Score7