CVE-2002-0061

Severity CVSS v4.0:
Pending analysis
Type:
CWE-78 OS Command Injections
Publication date:
21/03/2002
Last modified:
03/04/2025

Description

Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* 1.3.24 (excluding)
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* 2.0.0 (including) 2.0.34 (excluding)


References to Advisories, Solutions, and Tools