Vulnerability in N/a
CVE-2001-0925
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be misha…
EPSS: 0.895 (99.6th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- 20010624 Fw: Bugtraq ID 2503 : Apache Artificially Long Slash Path Directory Listing Exploit (mailing-list, x_refsource_BUGTRAQ)
- www.apacheweek.com/features/security-13 (x_refsource_CONFIRM)
- 20010419 OpenBSD 2.8patched Apache vuln! (mailing-list, x_refsource_BUGTRAQ)
- ESA-20010620-02 (vendor-advisory, x_refsource_ENGARDE)
- 20010726 Apache Artificially Long Slash Path Directory Listing Vulnerabili ty -- FILE READ ACCESS (mailing-list, x_refsource_BUGTRAQ)
- apache-slash-directory-listing(6921) (vdb-entry, x_refsource_XF)
- 20010312 FORW: [ANNOUNCE] Apache 1.3.19 Released (mailing-list, x_refsource_BUGTRAQ)
- DSA-067 (vendor-advisory, x_refsource_DEBIAN)
- MDKSA-2001:077 (vendor-advisory, x_refsource_MANDRAKE)
- 2503 (vdb-entry, x_refsource_BID)