CVE-2002-0061 Information

Description

Apache for Win32 before 1.3.24 and 2.0.x before 2.0.34-beta allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts which are sent unfiltered to the shell interpreter typically cmd.exe.

Reference

http://marc.info/?l=bugtraq&m=101674082427358&w=2 http://online.securityfocus.com/archive/1/263927 http://www.apacheweek.com/issues/02-03-29apache1324 http://www.iss.net/security_center/static/8589.php http://www.securityfocus.com/bid/4335