Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-881e-dkhk-y7fc
Vulnerability ID VCID-881e-dkhk-y7fc
Aliases CVE-2002-0061
Summary Apache for Win32 before 1.3.24 and 2.0.34-beta allows remote attackers to execute arbitrary commands via parameters passed to batch file CGI scripts.
Status Published
Exploitability 2.0
Weighted Severity 7.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
System Score Found at
epss 0.88277 https://api.first.org/data/v1/epss?cve=CVE-2002-0061
epss 0.88277 https://api.first.org/data/v1/epss?cve=CVE-2002-0061
epss 0.88277 https://api.first.org/data/v1/epss?cve=CVE-2002-0061
epss 0.88277 https://api.first.org/data/v1/epss?cve=CVE-2002-0061
epss 0.88277 https://api.first.org/data/v1/epss?cve=CVE-2002-0061
apache_httpd critical https://httpd.apache.org/security/json/CVE-2002-0061.json
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2002-0061
Reference id Reference type URL
http://marc.info/?l=bugtraq&m=101674082427358&w=2
http://online.securityfocus.com/archive/1/263927
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-0061.json
https://api.first.org/data/v1/epss?cve=CVE-2002-0061
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
http://www.apacheweek.com/issues/02-03-29#apache1324
http://www.iss.net/security_center/static/8589.php
http://www.securityfocus.com/bid/4335
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
CVE-2002-0061 https://httpd.apache.org/security/json/CVE-2002-0061.json
CVE-2002-0061 https://nvd.nist.gov/vuln/detail/CVE-2002-0061
CVE-2002-0061;OSVDB-769 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/21350.pl
CVE-2002-0061;OSVDB-769 Exploit https://www.securityfocus.com/bid/4335/info
Data source Exploit-DB
Date added March 21, 2002
Description Apache Win32 1.3.x/2.0.x - Batch File Remote Command Execution
Ransomware campaign use Known
Source publication date March 21, 2002
Exploit type remote
Platform windows
Source update date Sept. 17, 2012
Source URL https://www.securityfocus.com/bid/4335/info
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2002-0061
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.99487
EPSS Score 0.88277
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:36:11.503348+00:00 Apache HTTPD Importer Import https://httpd.apache.org/security/json/CVE-2002-0061.json 38.0.0