CVE-2002-0014 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2002-0014

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

URL-handling code in Pine 4.43 and earlier allows remote attackers to execute arbitrary commands via a URL enclosed in single quotes and containing shell metacharacters (&).

Affected Software

Name	Vendor	Start Version	End Version
Pine	University_of_washington	4.20 (including)	4.20 (including)
Pine	University_of_washington	4.21 (including)	4.21 (including)
Pine	University_of_washington	4.30 (including)	4.30 (including)
Pine	University_of_washington	4.33 (including)	4.33 (including)

References

http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000460
http://marc.info/?l=bugtraq\u0026m=101027841605918\u0026w=2
http://rhn.redhat.com/errata/RHSA-2002-009.html
http://www.securityfocus.com/bid/3815
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0201-015