Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0925

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2001-0925
Last Modified 05 Sep 2008 04:25:15
Published 12 Mar 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-0925

Summary

The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.

Vulnerable Systems

Application

  • Apache Http Server 1.3.19


References

XF - apache-slash-directory-listing(6921)

BID - 2503

BUGTRAQ - 20010312 FORW: [ANNOUNCE] Apache 1.3.19 Released

MANDRAKE - MDKSA-2001:077

BUGTRAQ - 20010726 Apache Artificially Long Slash Path Directory Listing Vulnerabili ty -- FILE READ ACCESS

BUGTRAQ - 20010624 Fw: Bugtraq ID 2503 : Apache Artificially Long Slash Path Directory Listing Exploit

BUGTRAQ - 20010419 OpenBSD 2.8patched Apache vuln!

ENGARDE - ESA-20010620-02

DEBIAN - DSA-067

CONFIRM - http://www.apacheweek.com/features/security-13


Last Updated: 27 May 2016 10:36:27