CVE-2001-0108
published 2001-03-12CVE-2001-0108: PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that…
PriorityP419medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.83%
76.2th percentile
PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mandrakesoft | mandrake_linux | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-j2hw-525w-j8q2: PHP Apache module 4
ghsa_unreviewed·2022-04-30
CVE-2001-0108 [MEDIUM] GHSA-j2hw-525w-j8q2: PHP Apache module 4
PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
Red Hat
security flaw
vendor_redhat·2001-01-12·CVSS 5.0
CVE-2001-0108 [MEDIUM] security flaw
security flaw
PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
No detection rules found.
arXiv
Encoding a Taxonomy of Web Attacks with Different-Length Vectors
arxiv_fulltext·2002-10-29
Encoding a Taxonomy of Web Attacks with Different-Length Vectors
## Abstract
Web attacks, i.e. attacks exclusively using the HTTP protocol, are
rapidly becoming one of the fundamental threats for information
systems connected to the Internet. When the attacks suffered by
web servers through the years are analyzed, it is observed that
most of them are very similar, using a reduced number of attacking
techniques. It is generally agreed that classification can help
designers and programmers to better understand attacks and build
more secure applications. As an effort in this direction, a new
taxonomy of web attacks is proposed in this paper, with the
objective of obtaining a practically useful reference framework
for security applications. The use of the taxonomy is illustrated
by means of multiplatform real world web attack examples. Along
with this taxo
Bugzilla
CVE-2001-0108 security flaw
bugzilla·2018-08-16·CVSS 5.0
CVE-2001-0108 [MEDIUM] CVE-2001-0108 security flaw
CVE-2001-0108 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373http://marc.info/?l=bugtraq&m=97957961212852http://www.debian.org/security/2001/dsa-020http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3http://www.redhat.com/support/errata/RHSA-2000-136.htmlhttp://www.securityfocus.com/bid/2206https://exchange.xforce.ibmcloud.com/vulnerabilities/5940http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373http://marc.info/?l=bugtraq&m=97957961212852http://www.debian.org/security/2001/dsa-020http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3http://www.redhat.com/support/errata/RHSA-2000-136.htmlhttp://www.securityfocus.com/bid/2206https://exchange.xforce.ibmcloud.com/vulnerabilities/5940
2001-03-12
Published