PT-2002-1151 · Microsoft+1 · Cmd.Exe+2

Published: 2002-03-21 · Updated: 2024-01-26 · CVE-2002-0061

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Apache for Win32 versions 1.3.24 and earlier
Apache for Win32 versions 2.0.x through 2.0.34-beta

Description

The issue allows remote attackers to execute arbitrary commands via shell metacharacters, such as the | (pipe) character, supplied as arguments to batch (.bat) or .cmd scripts. The arguments are passed unfiltered to the shell interpreter, typically cmd.exe.

Recommendations

For Apache for Win32 versions 1.3.24 and earlier, update to version 1.3.24 or later to resolve the issue. For Apache for Win32 versions 2.0.x through 2.0.34-beta, update to version 2.0.34-beta or later to resolve the issue. As a temporary workaround, consider restricting access to batch file CGI scripts until a patch is available.
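
A detection sketch for the condition in the description, added here as an example and not taken from the advisory or from Apache: it scans access-log lines in Common Log Format for requests to .bat/.cmd scripts whose decoded query string carries cmd.exe metacharacters. The function names, the metacharacter set, the script paths and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside an Apache Common Log Format entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Script extensions named in the advisory; Windows paths are case-insensitive.
SCRIPT_RE = re.compile(r'\.(?:bat|cmd)(?:/|$)', re.IGNORECASE)
# Assumed set: characters cmd.exe treats as separators, redirection or escape.
CMD_META = frozenset('|&<>^\r\n')


def suspicious_chars(target):
    """Return the sorted cmd.exe metacharacters found in the query string of
    a request to a .bat/.cmd script, or an empty list if there are none."""
    path, _, query = target.partition('?')
    if not SCRIPT_RE.search(unquote(path)):
        return []
    found = set()
    # A literal '&' separates parameters; only an encoded one (%26) is data.
    for piece in query.split('&'):
        found |= CMD_META & set(unquote(piece))
    return sorted(found)


def scan(lines):
    """Yield (line_number, target, chars) for each log line worth review."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        chars = suspicious_chars(match.group('target'))
        if chars:
            yield number, match.group('target'), chars


# Constructed sample log lines (documentation addresses, hypothetical scripts).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Mar/2002:10:00:00 +0000] "GET /cgi-bin/report.bat?year=2002&month=03 HTTP/1.0" 200 512',
    '192.0.2.44 - - [21/Mar/2002:10:00:05 +0000] "GET /cgi-bin/report.bat?a%7CPLACEHOLDER HTTP/1.0" 200 1024',
    '192.0.2.44 - - [21/Mar/2002:10:00:09 +0000] "GET /cgi-bin/Status.CMD?x%26PLACEHOLDER HTTP/1.0" 200 88',
    '192.0.2.10 - - [21/Mar/2002:10:00:12 +0000] "GET /docs/a%7Cb.html?q=1 HTTP/1.0" 404 0',
]

if __name__ == '__main__':
    for number, target, chars in scan(SAMPLE_LOG):
        print(f'line {number}: {target} -> {chars}')
```

The query string is percent-decoded only once, so a doubly encoded value is not flagged by this sketch.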

Exploit

Fix

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2002-0061

Affected Products

Apache Http Server
Apache For Win32
Cmd.Exe