CVE-2004-0173

Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:http_server:0.8.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:0.8.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*

History

20 Nov 2024, 23:47

Type Values Removed Values Added
References () http://issues.apache.org/bugzilla/show_bug.cgi?id=26152 - () http://issues.apache.org/bugzilla/show_bug.cgi?id=26152 -
References () http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017740.html - () http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017740.html -
References () http://marc.info/?l=bugtraq&m=107765545431387&w=2 - () http://marc.info/?l=bugtraq&m=107765545431387&w=2 -
References () http://secunia.com/advisories/10962 - () http://secunia.com/advisories/10962 -
References () http://www.apacheweek.com/issues/04-03-12 - () http://www.apacheweek.com/issues/04-03-12 -
References () http://www.securityfocus.com/bid/9733 - Exploit, Patch, Vendor Advisory () http://www.securityfocus.com/bid/9733 - Exploit, Patch, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/15293 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/15293 -

Information

Published : 2004-04-15 04:00

Updated : 2024-11-20 23:47


NVD link : CVE-2004-0173

Mitre link : CVE-2004-0173

CVE.ORG link : CVE-2004-0173


JSON object : View

Products Affected

apache

  • http_server