CVE-2002-0061

Apache HTTP Server < 1.3.24 - Remote Code Execution via Shell Metacharacter Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0061. PoCs published by SPAX.

AI-analyzed exploit summary This exploit targets CVE-2002-0061, a command injection vulnerability in Apache for Windows. It leverages improper filtering of special characters in batch file requests to execute arbitrary commands via the test-cgi.bat file.

Description

Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.

Exploits (1)

exploitdb WORKING POC VERIFIED

by SPAX · perlremotewindows

https://www.exploit-db.com/exploits/21350

View Code ZIP pw:eip

This exploit targets CVE-2002-0061, a command injection vulnerability in Apache for Windows. It leverages improper filtering of special characters in batch file requests to execute arbitrary commands via the test-cgi.bat file.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Apache for Windows (1.3.6, 2.0.34-beta)

No auth needed

Prerequisites: Access to a vulnerable Apache server with test-cgi.bat or another batch file accessible via the web

MITRE ATT&CK