CVE-2001-0925
published 2001-03-12CVE-2001-0925: The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a…
medium5CVSS 3.1
AVNACLAuNCPINAN
EXPLOIT
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | http_server | — | — |
| apache | http_server | — | — |
| apache | http_server | — | — |
| apache | http_server | — | — |
| debian | debian_linux | — | — |