Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2004-0173
Last Modified 10 Sep 2008 03:25:21
Published 15 Apr 2004 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0173

Summary

Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.

Vulnerable Systems

Application

  • Apache Http Server 0.8.11

  • Apache Http Server 0.8.14

  • Apache Http Server 1.0

  • Apache Http Server 1.0.2

  • Apache Http Server 1.0.3

  • Apache Http Server 1.0.5

  • Apache Http Server 1.1

  • Apache Http Server 1.1.1

  • Apache Http Server 1.2

  • Apache Http Server 1.2.5

  • Apache Http Server 1.3


References

XF - apache-cygwin-directory-traversal(15293)

BID - 9733

CONFIRM - http://www.apacheweek.com/issues/04-03-12

SECUNIA - 10962

BUGTRAQ - 20040224 STG Security Advisory: [SSA-20040217-06] Apache for cygwin

FULLDISC - 20040224 STG Security Advisory: [SSA-20040217-06] Apache for cygwin directory traversal vulnerability

CONFIRM - http://issues.apache.org/bugzilla/show_bug.cgi?id=26152


Last Updated: 27 May 2016 10:38:30