CVE-2002-0061

Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
References
Link Resource
http://marc.info/?l=bugtraq&m=101674082427358&w=2 Mailing List Third Party Advisory
http://online.securityfocus.com/archive/1/263927 Broken Link Third Party Advisory VDB Entry
http://www.apacheweek.com/issues/02-03-29#apache1324 Release Notes
http://www.iss.net/security_center/static/8589.php Broken Link
http://www.securityfocus.com/bid/4335 Broken Link Third Party Advisory VDB Entry
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List Vendor Advisory
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List Vendor Advisory
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List Vendor Advisory
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List Vendor Advisory
http://marc.info/?l=bugtraq&m=101674082427358&w=2 Mailing List Third Party Advisory
http://online.securityfocus.com/archive/1/263927 Broken Link Third Party Advisory VDB Entry
http://www.apacheweek.com/issues/02-03-29#apache1324 Release Notes
http://www.iss.net/security_center/static/8589.php Broken Link
http://www.securityfocus.com/bid/4335 Broken Link Third Party Advisory VDB Entry
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List Vendor Advisory
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List Vendor Advisory
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List Vendor Advisory
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

History

20 Nov 2024, 23:38

Type Values Removed Values Added
References () http://marc.info/?l=bugtraq&m=101674082427358&w=2 - Mailing List, Third Party Advisory () http://marc.info/?l=bugtraq&m=101674082427358&w=2 - Mailing List, Third Party Advisory
References () http://online.securityfocus.com/archive/1/263927 - Broken Link, Third Party Advisory, VDB Entry () http://online.securityfocus.com/archive/1/263927 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.apacheweek.com/issues/02-03-29#apache1324 - Release Notes () http://www.apacheweek.com/issues/02-03-29#apache1324 - Release Notes
References () http://www.iss.net/security_center/static/8589.php - Broken Link () http://www.iss.net/security_center/static/8589.php - Broken Link
References () http://www.securityfocus.com/bid/4335 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/4335 - Broken Link, Third Party Advisory, VDB Entry
References () https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E - Issue Tracking, Mailing List, Vendor Advisory () https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E - Issue Tracking, Mailing List, Vendor Advisory
References () https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E - Issue Tracking, Mailing List, Vendor Advisory () https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E - Issue Tracking, Mailing List, Vendor Advisory
References () https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E - Issue Tracking, Mailing List, Vendor Advisory () https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E - Issue Tracking, Mailing List, Vendor Advisory
References () https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E - Issue Tracking, Mailing List, Vendor Advisory () https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E - Issue Tracking, Mailing List, Vendor Advisory

26 Jan 2024, 20:01

Type Values Removed Values Added
References
  • {'url': 'https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E', 'name': '[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html', 'tags': [], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E', 'name': '[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/', 'tags': [], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E', 'name': '[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/', 'tags': [], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E', 'name': '[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html', 'tags': [], 'refsource': 'MLIST'}
  • () https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E - Issue Tracking, Mailing List, Vendor Advisory
  • () https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E - Issue Tracking, Mailing List, Vendor Advisory
  • () https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E - Issue Tracking, Mailing List, Vendor Advisory
  • () https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E - Issue Tracking, Mailing List, Vendor Advisory
References (BID) http://www.securityfocus.com/bid/4335 - (BID) http://www.securityfocus.com/bid/4335 - Broken Link, Third Party Advisory, VDB Entry
References (BUGTRAQ) http://marc.info/?l=bugtraq&m=101674082427358&w=2 - (BUGTRAQ) http://marc.info/?l=bugtraq&m=101674082427358&w=2 - Mailing List, Third Party Advisory
References (BUGTRAQ) http://online.securityfocus.com/archive/1/263927 - (BUGTRAQ) http://online.securityfocus.com/archive/1/263927 - Broken Link, Third Party Advisory, VDB Entry
References (CONFIRM) http://www.apacheweek.com/issues/02-03-29#apache1324 - (CONFIRM) http://www.apacheweek.com/issues/02-03-29#apache1324 - Release Notes
References (XF) http://www.iss.net/security_center/static/8589.php - (XF) http://www.iss.net/security_center/static/8589.php - Broken Link
CPE cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
CWE NVD-CWE-Other CWE-78

06 Jun 2021, 11:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E -

Information

Published : 2002-03-21 05:00

Updated : 2024-11-20 23:38


NVD link : CVE-2002-0061

Mitre link : CVE-2002-0061

CVE.ORG link : CVE-2002-0061


JSON object : View

Products Affected

apache

  • http_server
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')