Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0731Apache Http Server vulnerability

7 documents7 sources
Severity
5.0MEDIUMNVD
EPSS
80.8%
top 0.85%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apache Http Server
Timeline
PublishedOct 1
Latest updateMay 3

Description

Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDapache/http_server1.3.20

Patches

Patch: www.apacheweek.comPatch: www.apacheweek.com

🔴Vulnerability Details

2
GHSA
GHSA-jjrq-qfvr-fggw: Apache 12022-05-03
CVEList
CVE-2001-0731: Apache 12002-06-25

💥Exploits & PoCs

1
Exploit-DB
Apache 1.3 - Directory Index Disclosure2001-07-10

🔍Detection Rules

1
Suricata
GPL WEB_SERVER apache ?M=D directory list attempt2010-09-23

📋Vendor Advisories

1
Red Hat
security flaw2001-07-09

💬Community

1
Bugzilla
CVE-2001-0731 security flaw2018-08-16
CVE-2001-0731 — Apache Http Server vulnerability | cvebase