Juniper Networks

Signature Detail

Short Name

HTTP:APACHE:WIN32BATCH

Severity

High

Recommended

No

Recommended Action

Drop

Category

HTTP

Keywords

Apache Win32 Batch File Arbitrary Command Execution

Release Date

2009/05/11

Update Number

1424

Supported Platforms

idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Apache Win32 Batch File Arbitrary Command Execution


This signature detects attempts to exploit a known vulnerability in the Apache web server for Win32. A successful attack can allow attackers to execute arbitrary commands.

Extended Description

Special characters (such as |) may not be filtered by the batch file handler when a web request is made for a batch file. As a result, a remote attacker may be able to execute arbitrary commands on the host running the vulnerable software. Web servers on Windows operating systems normally run with SYSTEM privileges. The 2.0.x series of Apache for Microsoft Windows ships with a test batch file which may be exploited to execute arbitrary commands. Because the issue is in the batch file handler, any batch file that is accessible via the web can be used for exploitation.

Affected Products

  • Apache Software Foundation Apache 1.3.11
  • Apache Software Foundation Apache 1.3.12
  • Apache Software Foundation Apache 1.3.13
  • Apache Software Foundation Apache 1.3.14
  • Apache Software Foundation Apache 1.3.15
  • Apache Software Foundation Apache 1.3.16
  • Apache Software Foundation Apache 1.3.17
  • Apache Software Foundation Apache 1.3.18
  • Apache Software Foundation Apache 1.3.19
  • Apache Software Foundation Apache 1.3.20
  • Apache Software Foundation Apache 1.3.22
  • Apache Software Foundation Apache 1.3.23
  • Apache Software Foundation Apache 1.3.6
  • Apache Software Foundation Apache 1.3.9
  • Apache Software Foundation Apache 2.0.28 Beta
  • Apache Software Foundation Apache 2.0.28 -BETA
  • Apache Software Foundation Apache 2.0.32 -BETA

References

  • BugTraq: 4335
  • CVE: CVE-2002-0061
