Alias(es)Apache.CMD.Command.Execution.A |
Release DateSep 11, 2006 |
Severityhigh |
ImpactAttackers can execute arbitrary commands on the victim system. |
DescriptionThis indicates a potentially malicious attempt to execute commands on an Apache Web Server.Apache Web Server is an open source solution to building a secure modern web server that is compatible with both UNIX and Windows operating systems. Due to inadequate user input checking, a remote attacker can execute arbitrary commands on a target system by sending it a specially crafted message. |
Affected ProductsAny unprotected Apache HTTP Server versions 1.3.23 and earlier or versions 2.0.28 Beta is vulnerable to the attack. |
Recommended ActionsUpdate to Apache Group Apache 1.3.24 or newer. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2002-0061CVE-1999-0947 |
Reference/shttp://www.ciac.org/ciac/bulletins/m-070.shtmlhttp://www.securityfocus.com/bid/4335 (BugTraq) http://www.kb.cert.org/vuls/id/124003 |
