Sparfell

**Name of the Vulnerable Software and Affected Versions** Apache 2.x with mod tcl module 1.0 **Description** The issue allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a `set var` function call in files `tcl cmds.c` and `tcl core.c`. **Recommendations** For Apache 2.x with mod tcl module 1.0, consider disabling the `set var` function in `tcl cmds.c` and `tcl core.c` until a patch is available. Restrict access to the mod tcl module to minimize the risk of exploitation.