Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2002-0061

Published: 21/03/2002 Updated: 26/01/2024
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Http Server

Vulnerability Summary

Apache for Win32 prior to 1.3.24, and 2.0.x prior to 2.0.34-beta, allows remote malicious users to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache http server

Exploits

Exploit DB: Apache Win32 1.3.x/2.0.x - Batch File Remote Command Execution
source: wwwsecurityfocuscom/bid/4335/info Special characters (such as |) may not be filtered by the batch file handler when a web request is made for a batch file As a result, a remote attacker may be able to execute arbitrary commands on the host running the vulnerable software It should be noted that webservers on Windows operating s ...

References

CWE-78http://www.apacheweek.com/issues/02-03-29#apache1324http://online.securityfocus.com/archive/1/263927http://www.iss.net/security_center/static/8589.phphttp://www.securityfocus.com/bid/4335http://marc.info/?l=bugtraq&m=101674082427358&w=2https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3Ehttps://nvd.nist.govhttps://www.exploit-db.com/exploits/21350/https://www.kb.cert.org/vuls/id/124003
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook