What is CVE-2004-0173?

CVE-2004-0173 is a vulnerability in N/a. Published 2004-09-01.

Is CVE-2004-0173 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2004-0173

Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.

EPSS: 0.528 (98.0th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

www.apacheweek.com/issues/04-03-12 (x_refsource_CONFIRM)
20040224 STG Security Advisory: [SSA-20040217-06] Apache for cygwin (mailing-list, x_refsource_BUGTRAQ)
20040224 STG Security Advisory: [SSA-20040217-06] Apache for cygwin directory traversal vulnerability (mailing-list, x_refsource_FULLDISC)
apache-cygwin-directory-traversal(15293) (vdb-entry, x_refsource_XF)
issues.apache.org/bugzilla/show_bug.cgi (x_refsource_CONFIRM)
10962 (x_refsource_SECUNIA, third-party-advisory)
9733 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2004-0173?: CVE-2004-0173 is a vulnerability in N/a. Published 2004-09-01.
Is CVE-2004-0173 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.