Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0869 — Apache Http Server vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

10.6%

top 6.71%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apache Http Server Suse Linux

Timeline

PublishedNov 14

Latest updateApr 30

Description

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDsuse/suse_linux6 versions+5

▶NVDapache/http_server1.3.12

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-7g2r-9q3g-84p3: The default configuration of Apache 1↗2022-04-30

▶

CVEList

CVE-2000-0869: The default configuration of Apache 1↗2001-01-22

▶

💥Exploits & PoCs

Exploit-DB

Apache 1.3.12 - WebDAV Directory Listings↗2000-09-07

▶