Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Win32 安全漏洞
Vulnerability Description
Apache是使用最广泛的开放源码的Web服务器程序,分Unix和Windows两种发行版本。Windows版本的Apache在处理批处理文件的Web请求没有过滤一些特殊字符(比如'|'),远程攻击者可以利用这个漏洞在目标主机执行任意命令。Apache在Windows操作系统下一般都是以SYSTEM权限运行,所以会造成很大的危害。2.0.x系列的Windows版Apache默认安装都自带了一个test的批处理文件,这个文件可以利用来执行命令。其它任意可以通过Web访问的批处理文件都可以利用。
CVSS Information
N/A
Vulnerability Type
N/A