CVE-2002-0061

high Apache
CVSS v3 Base Score
7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Score
88.3%
Exploitation probability in 30 days
Top 1% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P
Published: March 21, 2002 (8820 days ago)
Last Modified: April 16, 2026
Vendor: Apache
Source: NVD

Description

Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.

CWE

CWE-78

Affected Products

apache http server

References

🔗 marc.info 🔗 online.securityfocus.com 🔗 www.apacheweek.com 🔗 www.iss.net 🔗 www.securityfocus.com