Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.

The remote host appears to be running a version of Apache 2.x that is older than 2.0.48.  This version is vulnerable to a bug that may allow a rogue CGI to disable the httpd service by issuing over 4K of data to stderr. To exploit this flaw, an attacker would need the ability to upload a rogue CGI script to this server and to have it executed by the Apache daemon (httpd).

The remote host appears to be running a version of Apache which is older  than 1.3.29  There are several flaws in this version that may allow an attacker to possibly execute arbitrary code through mod_alias and mod_rewrite.

The remote host appears to be running a version of Apache that is older than 1.3.28  There are several flaws in this version, which may allow an attacker to disable the remote server.

Apache for Win32 prior to 1.3.24 and 2.0.x prior to 2.0.34-beta is shipped with a default script, '/cgi-bin/test-cgi.bat', that allows an attacker to remotely execute arbitrary commands on the host subject to the permissions of the affected application. 

An attacker can send a pipe character '|' with commands appended as parameters, which are then executed by Apache.

ID	Name	Product	Family	Severity
2175	Apache < 2.0.48 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	high
2174	Apache < 1.3.29 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	high
2173	Apache < 1.3.28 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	high
10938	Apache on Windows < 1.3.24 / 2.0.x < 2.0.34 DOS Batch File Arbitrary Command Execution	Nessus	Web Servers	high

Detections

Analytics

CVE-2002-0061

critical

Tenable Plugins

high

high

high

high