Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.89023
Percentile: 0.99497
CVSS Scoring
CVSS v2 Score: 7.5
Severity:
Mapped CWE(s)
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
All CAPEC(s)
CAPEC-108: Command Line Execution through SQL Injection