CVE-2001-1449 — Apache Http Server vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

5.8%

top 9.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server Mandrakesoft Mandrake Linux Mandrakesoft Mandrake Linux Corporate Server +1 more

Timeline

PublishedNov 28

Latest updateApr 30

Description

The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

▶NVDmandrakesoft/mandrake_linux_corporate_server1.0.1

▶NVDmandrakesoft/mandrake_linux7.1, 7.3, 8.0+2

▶NVDapache/http_server11 versions+10

▶NVDmandrakesoft/mandrake_single_network_firewall7.2

Patches

Patch: www.kb.cert.org ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-xvj7-rgf2-85f2: The default installation of Apache before 1↗2022-04-30

▶

CVEList

CVE-2001-1449: The default installation of Apache before 1↗2005-04-21

▶