Phone book CGI phf allows remote execution of arbitrary commands

Risk Level: High

Check or Attack Name: vulnphf

Platforms: NCSA Servers: Old, Apache: Old, Common Gateway Interface (CGI)
Description:

A vulnerability exists in the phf phone book program, a CGI example shipped with older NCSA httpd and Apache distributions, that allows a remote attacker to execute arbitrary commands on your web server with the privileges of the server process. phf builds a command line for the ph lookup program from a query parameter and runs it through a shell; the escape_shell_cmd() routine it relies on escapes most shell metacharacters but not the newline, so a URL-encoded newline (%0a) in the request terminates the intended command and whatever follows it in the parameter is run as a second command. Exploit information for this vulnerability is widespread, and many programs exist to actively probe entire networks for it.
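The following is an added illustration, not code from the X-Force entry, NCSA or Apache: it reconstructs the metacharacter-escaping step that phf depended on, once with the original escape set (no newline) and once with newline and carriage return added as the CA-96.06 fix did, and shows what the shell would have received for a %0a probe. The escape set, the shape of the ph command line and the path /usr/local/bin/ph are assumptions for illustration; the exact contents of any particular util.c revision may differ. Nothing here executes the command.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

/* Metacharacters escaped by the original escape_shell_cmd() (assumed set).
   Newline and carriage return are absent from this list; that omission is
   what let a %0a in the phf query string start a second shell command. */
static const char OLD_BAD[] = "&;`'\"|*?~<>^()[]{}$\\";

/* Hardened set: the same characters plus \n and \r, as the post-CA-96.06
   fix added them (assumed; individual vendor patches may differ). */
static const char FIXED_BAD[] = "&;`'\"|*?~<>^()[]{}$\\\n\r";

/* Decode %XX sequences and '+' from a CGI query value into buf (size n). */
static void url_decode(const char *src, char *buf, size_t n) {
    size_t j = 0;
    for (size_t i = 0; src[i] != '\0' && j + 1 < n; i++) {
        if (src[i] == '%' && isxdigit((unsigned char)src[i + 1])
                          && isxdigit((unsigned char)src[i + 2])) {
            char hex[3] = { src[i + 1], src[i + 2], '\0' };
            buf[j++] = (char)strtol(hex, NULL, 16);
            i += 2;
        } else if (src[i] == '+') {
            buf[j++] = ' ';
        } else {
            buf[j++] = src[i];
        }
    }
    buf[j] = '\0';
}

/* Backslash-escape, in place, every character of `bad` found in cmd.
   cmd must have spare room (worst case the string doubles in length).
   Returns the number of characters escaped. */
static int escape_shell_cmd_with(char *cmd, const char *bad) {
    int escaped = 0;
    size_t len = strlen(cmd);
    for (size_t i = 0; i < len; i++) {
        if (strchr(bad, cmd[i]) != NULL) {
            memmove(cmd + i + 1, cmd + i, len - i + 1); /* shift incl. NUL */
            cmd[i] = '\\';
            i++; len++; escaped++;                       /* skip the escaped char */
        }
    }
    return escaped;
}

/* True if a newline that the shell would treat as a command separator
   survives. A newline preceded by an odd number of backslashes is a line
   continuation, not a separator. */
static int has_unescaped_newline(const char *s) {
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '\n') continue;
        size_t bs = 0;
        for (size_t k = i; k > 0 && s[k - 1] == '\\'; k--) bs++;
        if (bs % 2 == 0) return 1;
    }
    return 0;
}

/* Simulate phf's handling of the Qalias parameter: decode it, run it through
   the chosen escape set, and splice it into the command line that popen()
   would have run. Returns 1 if an unescaped newline survives (the injection
   works), else 0. `out` receives the command line for inspection. */
int phf_injection_survives(const char *raw_qalias, int use_fixed_escape,
                           char *out, size_t outsz) {
    char decoded[512], escaped[1024];
    url_decode(raw_qalias, decoded, sizeof decoded);
    strncpy(escaped, decoded, sizeof escaped - 1);
    escaped[sizeof escaped - 1] = '\0';
    escape_shell_cmd_with(escaped, use_fixed_escape ? FIXED_BAD : OLD_BAD);
    /* Command shape only approximates phf's; path and flags are illustrative. */
    snprintf(out, outsz, "/usr/local/bin/ph -m alias=%s", escaped);
    return has_unescaped_newline(out);
}

int main(void) {
    /* Constructed probe value, as it would appear after "?Qalias=" in a request. */
    const char *probe = "x%0a/bin/cat%20/etc/passwd";
    char cmd[2048];
    printf("original escape set: injection survives = %d\n[%s]\n",
           phf_injection_survives(probe, 0, cmd, sizeof cmd), cmd);
    printf("hardened escape set: injection survives = %d\n[%s]\n",
           phf_injection_survives(probe, 1, cmd, sizeof cmd), cmd);
    return 0;
}
```

With the original set the decoded newline passes through untouched and the shell runs /bin/cat /etc/passwd as a second command; with the hardened set the newline is backslash-escaped and becomes a harmless continuation of the alias argument. The same structure (decode, escape, splice into a shell command) is why the IBM alert cited below describes the class rather than phf alone: any C CGI that calls a shell with request data and an incomplete escape list has the same problem.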

Remedy:

The phf program is example code and is not necessary for normal operation of your web server; remove it from the cgi-bin directory (or at minimum strip its execute permission) and confirm that a request for /cgi-bin/phf now fails. If you have written CGI programs of your own that call a shell using escape_shell_cmd() from the same NCSA or Apache distribution, apply the vendor update that adds the newline character to the escaped set, since those programs are exposed in the same way.

References:

CERT Advisory CA-96.06, Vulnerability in NCSA/Apache CGI example code, http://www.cert.org/advisories/CA-96.06.cgi_example_code.html

IBM Emergency Response Service Security Vulnerability Alert ERS-SVA-E01-1996:002.1, Some C-language based Common Gateway Interface programs that call a shell to execute other programs can be tricked into executing any arbitrary command, http://www-1.ibm.com/services/brs/brspwhub.nsf/advisories

IBM Emergency Response Service Security Vulnerability Alert ERS-SVA-E01-1996:002.2, Update of ERS-SVA-E01-1996:002.1, http://www-1.ibm.com/services/brs/brspwhub.nsf/advisories

