CVE-2001-0925

The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
References
Link Resource
http://www.apacheweek.com/features/security-13 Vendor Advisory
http://www.debian.org/security/2001/dsa-067 Third Party Advisory
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-077.php3 Broken Link
http://www.linuxsecurity.com/advisories/other_advisory-1452.html Third Party Advisory
http://www.securityfocus.com/archive/1/168497 Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/178066 Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/193081 Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/2503 Exploit Patch Third Party Advisory VDB Entry
http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-01-27&end=2002-02-02&mid=199857&threads=1 Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/6921 Third Party Advisory VDB Entry
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
http://www.apacheweek.com/features/security-13 Vendor Advisory
http://www.debian.org/security/2001/dsa-067 Third Party Advisory
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-077.php3 Broken Link
http://www.linuxsecurity.com/advisories/other_advisory-1452.html Third Party Advisory
http://www.securityfocus.com/archive/1/168497 Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/178066 Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/193081 Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/2503 Exploit Patch Third Party Advisory VDB Entry
http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-01-27&end=2002-02-02&mid=199857&threads=1 Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/6921 Third Party Advisory VDB Entry
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:*

History

20 Nov 2024, 23:36

Type Values Removed Values Added
References () http://www.apacheweek.com/features/security-13 - Vendor Advisory () http://www.apacheweek.com/features/security-13 - Vendor Advisory
References () http://www.debian.org/security/2001/dsa-067 - Third Party Advisory () http://www.debian.org/security/2001/dsa-067 - Third Party Advisory
References () http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-077.php3 - Broken Link () http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-077.php3 - Broken Link
References () http://www.linuxsecurity.com/advisories/other_advisory-1452.html - Third Party Advisory () http://www.linuxsecurity.com/advisories/other_advisory-1452.html - Third Party Advisory
References () http://www.securityfocus.com/archive/1/168497 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/168497 - Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/archive/1/178066 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/178066 - Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/archive/1/193081 - Exploit, Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/193081 - Exploit, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/2503 - Exploit, Patch, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/2503 - Exploit, Patch, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-01-27&end=2002-02-02&mid=199857&threads=1 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-01-27&end=2002-02-02&mid=199857&threads=1 - Third Party Advisory, VDB Entry
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/6921 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/6921 - Third Party Advisory, VDB Entry
References () https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E - () https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E -
References () https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E - () https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E -
References () https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E - () https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E -
References () https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E - () https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E -

06 Jul 2021, 16:38

Type Values Removed Values Added
CWE NVD-CWE-Other CWE-22
CPE cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
References (ENGARDE) http://www.linuxsecurity.com/advisories/other_advisory-1452.html - (ENGARDE) http://www.linuxsecurity.com/advisories/other_advisory-1452.html - Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory
References (MLIST) https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory
References (MLIST) https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/6921 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/6921 - Third Party Advisory, VDB Entry
References (BUGTRAQ) http://www.securityfocus.com/archive/1/193081 - Exploit, Vendor Advisory (BUGTRAQ) http://www.securityfocus.com/archive/1/193081 - Exploit, Third Party Advisory, VDB Entry
References (MLIST) https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory
References (MANDRAKE) http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-077.php3 - Patch, Vendor Advisory (MANDRAKE) http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-077.php3 - Broken Link
References (BUGTRAQ) http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-01-27&end=2002-02-02&mid=199857&threads=1 - (BUGTRAQ) http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-01-27&end=2002-02-02&mid=199857&threads=1 - Third Party Advisory, VDB Entry
References (BUGTRAQ) http://www.securityfocus.com/archive/1/178066 - (BUGTRAQ) http://www.securityfocus.com/archive/1/178066 - Third Party Advisory, VDB Entry
References (BUGTRAQ) http://www.securityfocus.com/archive/1/168497 - Patch, Vendor Advisory (BUGTRAQ) http://www.securityfocus.com/archive/1/168497 - Third Party Advisory, VDB Entry
References (CONFIRM) http://www.apacheweek.com/features/security-13 - (CONFIRM) http://www.apacheweek.com/features/security-13 - Vendor Advisory
References (BID) http://www.securityfocus.com/bid/2503 - Exploit, Patch, Vendor Advisory (BID) http://www.securityfocus.com/bid/2503 - Exploit, Patch, Third Party Advisory, VDB Entry
References (DEBIAN) http://www.debian.org/security/2001/dsa-067 - (DEBIAN) http://www.debian.org/security/2001/dsa-067 - Third Party Advisory

06 Jun 2021, 11:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E -

Information

Published : 2001-03-12 05:00

Updated : 2024-11-20 23:36


NVD link : CVE-2001-0925

Mitre link : CVE-2001-0925

CVE.ORG link : CVE-2001-0925


JSON object : View

Products Affected

debian

  • debian_linux

apache

  • http_server
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')