Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-1016 — Linux vulnerability

5 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

4.3%

top 11.16%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Suse Linux

Timeline

PublishedDec 11

Latest updateApr 30

Description

The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDsuse/suse_linux6.3, 6.4+1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-68gh-xx2q-59p5: The default configuration of Apache (httpd↗2022-04-30

▶

CVEList

CVE-2000-1016: The default configuration of Apache (httpd↗2001-01-22

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer - isComponentInstalled Overflow (Metasploit)↗2010-05-09

▶

Exploit-DB

SuSE Linux 6.3/6.4 - Installed Package Disclosure↗2000-09-21

▶