NCSA WebServer Buffer Overflow

HIGH (10.0) No Patch (11260 days)

Threat Intelligence

⚠️ CRITICAL GAP - Exploits exist but no detection available
EPSS Score: 3.30% chance of exploitation (percentile: 87%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: Exploit-DB


What is it?

NCSA WebServer is web server software that was widely used in the 1990s. It is now outdated and no longer supported by its original creators. The vulnerability is a buffer overflow that allows an attacker to execute arbitrary code on your server by sending a malicious HTTP request.

Am I affected?

You're affected if you use NCSA WebServer version 1.4.1 or below. Check with: find / -name "ncsa*.html" (Note: This command may not find all instances, as the vulnerability can be triggered by other files as well.)

This is a specific web server product. If you use it, check with your IT department.

Affected Products

NCSA / NCSA WebServer

How to fix

- Upgrade to NCSA WebServer version 2.0 or later.
- Alternatively, apply the patch from the NCSA website: https://www.ncsa.gov/symptoms/ncsa-webserver-vulnerability