CVSS: 9.8EPSS: 19%CPEs: 2EXPL: 1CVE-2002-0061 – Apache Win32 1.3.x/2.0.x - Batch File Remote Command Execution
https://notcve.org/view.php?id=CVE-2002-0061
21 Mar 2002 — Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe. El servidor Apache, en sus verisones para Win32 1.3.24 y anteriores, y 2.0.x hasta la 2.0.34-beta, permite que atacantes remotos ejecuten cualquier comando a través del metacaracter "|" de la shell. Estos comandos vienen com... • https://www.exploit-db.com/exploits/21350 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2001-1556
https://notcve.org/view.php?id=CVE-2001-1556
31 Dec 2001 — The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep. • http://archives.neohapsis.com/archives/bugtraq/2001-10/0231.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-1999-1125
https://notcve.org/view.php?id=CVE-1999-1125
19 Sep 1997 — Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file. • http://marc.info/?l=bugtraq&m=87602880019796&w=2 •