ID CVE-2002-0061
Summary Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 18-10-2016 - 02:15)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 4335
bugtraq
  • 20020321 Vulnerability in Apache for Win32 batch file processing - Remote command execution
  • 20020325 Apache 1.3.24 Released! (fwd)
confirm http://www.apacheweek.com/issues/02-03-29#apache1324
xf apache-dos-batch-command-execution(8589)
statements via4
contributor Mark J Cox
lastmodified 2008-07-02
organization Apache
statement Fixed in Apache HTTP Server 1.3.24: http://httpd.apache.org/security/vulnerabilities_13.html
Last major update 18-10-2016 - 02:15
Published 21-03-2002 - 05:00
Last modified 18-10-2016 - 02:15