The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
References
Configurations
History
07 Nov 2023, 01:55
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2001-03-12 05:00
Updated : 2024-02-28 10:24
NVD link : CVE-2001-0925
Mitre link : CVE-2001-0925
CVE.ORG link : CVE-2001-0925
JSON object : View
Products Affected
debian
- debian_linux
apache
- http_server
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')