CVE-2001-0925
CVE-2001-0925
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
Affected products
n/a · n/apublic PoCs found — 4
exploitdbwww.exploit-db.com/exploits/20692unverifiedexploitdbwww.exploit-db.com/exploits/20693unverifiedexploitdbwww.exploit-db.com/exploits/20694unverifiedexploitdbwww.exploit-db.com/exploits/20695unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://exchange.xforce.ibmcloud.com/vulnerabilities/6921https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Ehttp://www.apacheweek.com/features/security-13http://www.debian.org/security/2001/dsa-067http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-077.php3http://www.linuxsecurity.com/advisories/other_advisory-1452.htmlhttp://www.securityfocus.com/archive/1/168497http://www.securityfocus.com/archive/1/178066http://www.securityfocus.com/archive/1/193081