The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Apache
  • Http Server
Debian
  • Debian Linux

Configuration 1 [-]

OR cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:*

No data.

References
Link Providers
http://www.apacheweek.com/features/security-13 cve-icon cve-icon
http://www.debian.org/security/2001/dsa-067 cve-icon cve-icon
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-077.php3 cve-icon cve-icon
http://www.linuxsecurity.com/advisories/other_advisory-1452.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/168497 cve-icon cve-icon
http://www.securityfocus.com/archive/1/178066 cve-icon cve-icon
http://www.securityfocus.com/archive/1/193081 cve-icon cve-icon
http://www.securityfocus.com/bid/2503 cve-icon cve-icon
http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-01-27&end=2002-02-02&mid=199857&threads=1 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/6921 cve-icon cve-icon
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2002-02-02T05:00:00

Updated: 2024-08-08T04:37:07.135Z

Reserved: 2002-01-31T00:00:00

Link: CVE-2001-0925

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2001-03-12T05:00:00.000

Modified: 2023-11-07T01:55:39.893

Link: CVE-2001-0925

cve-icon Redhat

No data.