Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0173Path Traversal in Apache Http Server

4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
44.9%
top 2.41%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apache Http Server
Timeline
PublishedApr 15
Latest updateApr 29

Description

Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDapache/http_server11 versions+10

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-p97v-fpq8-vh9w: Directory traversal vulnerability in Apache 12022-04-29
CVEList
CVE-2004-0173: Directory traversal vulnerability in Apache 12004-09-01

💥Exploits & PoCs

1
Exploit-DB
Apache Cygwin 1.3.x/2.0.x - Directory Traversal2004-02-24
CVE-2004-0173 — Path Traversal in Apache Http Server | cvebase