Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0661Path Traversal in Apache Http Server

7 documents6 sources
Severity
7.5HIGHNVD
EPSS
91.3%
top 0.34%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apache Http Server
Timeline
PublishedAug 12
Latest updateApr 30

Description

Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDapache/http_server9 versions+8

Patches

Patch: httpd.apache.orgPatch: httpd.apache.org

🔴Vulnerability Details

3
GHSA
GHSA-cjcj-mxqx-222g: Directory traversal vulnerability in Apache 22022-04-30
OSV
CVE-2002-0661: Directory traversal vulnerability in Apache 22002-08-12
CVEList
CVE-2002-0661: Directory traversal vulnerability in Apache 22002-08-10

💥Exploits & PoCs

2
Exploit-DB
Sendmail 8.12.6 - Compromised Source Backdoor2002-10-08
Exploit-DB
Apache 2.0 - Encoded Backslash Directory Traversal2002-08-09

📋Vendor Advisories

1
Debian
CVE-2002-0661: apache2 - Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, ...2002
CVE-2002-0661 — Path Traversal in Apache Http Server | cvebase