Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0042 — Apache Http Server vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

42.0%

top 2.56%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apache Http Server

Timeline

PublishedFeb 16

Latest updateApr 30

Description

PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/http_server1.3

🔴Vulnerability Details

GHSA

GHSA-gm7x-33x3-3qg9: PHP 3↗2022-04-30

▶

CVEList

CVE-2001-0042: PHP 3↗2004-09-01

▶

💥Exploits & PoCs

Exploit-DB

Apache 1.3 + PHP 3 - File Disclosure↗2000-12-06

▶