开放源代码软件Apache 成熟度评估报告 - 开源中国社区- 软件镜像下载

2.2.15//support/win32/wintty.c Line:269[13] if (CreateProcess(appname,cmdline, NULL, NULL, TRUE, File: httpd-2.2.15//support/win32/ApacheMonitor.c Line:658[15] bResult =CreateProcess(NULL,File: httpd-2.2.15//support/win32/ApacheMonitor.c Line:707[15]bResult = CreateProcess(NULL,File: httpd-2.2.15//server/mpm/winnt/service.c Line:1179[13]if (CreateProcess(NULL, exe_cmd, NULL, NULL, FALSE,Severity: HighIssue: CreateProcessArgument 3 to this function call should be checked to ensure that it doesnot come from an untrusted source without first verifying that it containsnothing dangerous.File: httpd-2.2.15//support/win32/wintty.c Line:269[13] if(CreateProcess(appname, cmdline, NULL, NULL, TRUE, File:httpd-2.2.15//support/win32/ApacheMonitor.c Line:658[15]bResult = CreateProcess(NULL,File: httpd-2.2.15//support/win32/ApacheMonitor.c Line:707[15]bResult = CreateProcess(NULL,File: httpd-2.2.15//server/mpm/winnt/service.c Line:1179[13]if (CreateProcess(NULL, exe_cmd, NULL, NULL, FALSE,Severity: HighIssue: ShellExecuteMany program execution commands under Windows will search the path for aprogram if you do not explicitly specify a full path to the file. This canallow trojans to be executed instead. Also, be sure to specify a fileextension, since otherwise multiple extensions will be tried by theoperating system, providing another opportunity for trojans. File: httpd-2.2.15//support/win32/ApacheMonitor.c Line:242[10] if (!ShellExecute(hwnd,_T("runas"), __targv[0], args, NULL,SW_NORMAL)) {File: httpd-2.2.15//support/win32/ApacheMonitor.c Line:1475[17]ShellExecute(hDlg, _T("open"), _T("services.msc"), _T("/s"),File: httpd-2.2.15//support/win32/ApacheMonitor.c Line:1688[17]ShellExecute(NULL, _T("open"), _T("services.msc"), _T("/s"),Severity: Medium