Executive Summary

Information
Name : CVE-2002-0061
First vendor Publication : 2002-03-21
Vendor : Cve
Last vendor Modification : 2016-10-17

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score : 7.5
Attack Range : Network
Cvss Impact Score : 6.4
Attack Complexity : Low
Cvss Exploit Score : 10
Authentication : None Required

Security Protection

Impacts : Provides unauthorized access : Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0061

CAPEC : Common Attack Pattern Enumeration & Classification

id : Name
CAPEC-6 : Argument Injection
CAPEC-15 : Command Delimiters
CAPEC-43 : Exploiting Multiple Input Interpretation Layers
CAPEC-88 : OS Command Injection
CAPEC-108 : Command Line Execution through SQL Injection

CPE : Common Platform Enumeration

Type : Application - Count : 2

OpenVAS Exploits

Date : 2005-11-03
Name : Apache Remote Command Execution via .bat files
File : nvt/apache_bat_exec.nasl

Open Source Vulnerability Database (OSVDB)

id : Description
769 : Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution

Snort® IPS/IDS

Date : 2014-01-10
Description : .cmd? access
RuleID : 9791 - Revision : 7 - Type : SERVER-WEBAPP

Date : 2014-01-10
Description : .bat? access
RuleID : 976-community - Revision : 20 - Type : SERVER-WEBAPP

Date : 2014-01-10
Description : .bat? access
RuleID : 976 - Revision : 20 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date : 2002-04-18
Name : The remote web server is affected by a remote command execution vulnerability.
File : apache_bat_exec.nasl - Type : ACT_ATTACK

Sources (Detail)

Source : Url
BID : http://www.securityfocus.com/bid/4335
BUGTRAQ : http://marc.info/?l=bugtraq&m=101674082427358&w=2
          http://online.securityfocus.com/archive/1/263927
CONFIRM : http://www.apacheweek.com/issues/02-03-29#apache1324
XF : http://www.iss.net/security_center/static/8589.php

Alert History

Date : Information
2016-10-18 12:00:58 : Multiple Updates
2014-02-17 10:24:26 : Multiple Updates
2014-01-19 21:21:37 : Multiple Updates
2013-05-11 12:07:58 : Multiple Updates