Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist.Referenceshttp://www.geocities.com/gzhangx/websrv/docs/security.htmlhttp://archives.neohapsis.com/archives/bugtraq/2001-02/0314.html
