Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0061

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0061
Last Modified 05 Sep 2008 04:27:04
Published 21 Mar 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0061

Summary

Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.

Vulnerable Systems

Application

  • Apache Http Server 1.3.23

  • Apache Http Server 2.0.28


References

BUGTRAQ - 20020321 Vulnerability in Apache for Win32 batch file processing - Remote command execution

CONFIRM - http://www.apacheweek.com/issues/02-03-29#apache1324

BID - 4335

XF - apache-dos-batch-command-execution(8589)

BUGTRAQ - 20020325 Apache 1.3.24 Released! (fwd)


Last Updated: 27 May 2016 10:36:46