|Title:||Apache Remote Command Execution via .bat files|
|Summary:||The Apache 2.0.x Win32 installation is shipped with a ;default script, /cgi-bin/test-cgi.bat, that allows an attacker to execute ;commands on the Apache server (although it is reported that any .bat file ;could open this vulnerability.); ;An attacker can send a pipe character with commands appended as parameters, ;which are then executed by Apache.|
The Apache 2.0.x Win32 installation is shipped with a
default script, /cgi-bin/test-cgi.bat, that allows an attacker to execute
commands on the Apache server (although it is reported that any .bat file
could open this vulnerability.)
An attacker can send a pipe character with commands appended as parameters,
which are then executed by Apache.
This bug is fixed in 1.3.24 and 2.0.34-beta, or remove /cgi-bin/test-cgi.bat
BugTraq ID: 4335|
Common Vulnerability Exposure (CVE) ID: CVE-2002-0061
Bugtraq: 20020321 Vulnerability in Apache for Win32 batch file processing - Remote command execution (Google Search)
Bugtraq: 20020325 Apache 1.3.24 Released! (fwd) (Google Search)
|Copyright||This script is Copyright (C) 2002 Matt Moore|
|This is only one of 51507 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.