Local and remote users may be able to execute arbitrary commands on the
server with the privileges of the httpd daemon. This may
be used to compromise the HTTP server and, under certain
configurations, gain privileged access.
The Hypertext Transport Protocol (HTTP) allows a client
to access HTML pages and other web applications using a web browser.
HTTP servers contain programs called CGI scripts which perform
functions on the server at the request of the client (when a form is
submitted, for example) and transmit
results to the client's browser in the form of an HTML page.
For those interested in reading more about general WWW security and secure
http://hoohoo.ncsa.uiuc.edu/cgi/ CGI programming, visit the
Wide Web Security FAQ.
Low Attack Complexity, Complete Confidentiality Impact, Complete Integrity Impact, Complete Availability Impact